VID 28340
Severity 20
Port 139,445
Protocol TCP
Class SMB
Detailed Description The Reset Account Lockout Counter After value is not set, or less than the value defined in the security policy. If the duration is too short, or if account lockouts are not enabled, attackers can easily brute force your accounts.
This security setting determines the number of minutes that must elapse after a failed logon attempt before the failed logon attempt counter is reset to 0 bad logon attempts. The available range is 1 minute to 99,999 minutes.
If an account lockout threshold is defined, this reset time must be less than or equal to the Account lockout duration. This policy setting is not enabled by default, and only has meaning when an Account lockout threshold is specified.

* References:
http://www.securityfocus.com/infocus/1297
http://www.microsoft.com/technet/security/topics/issues/W2kCCSCG/W2kSCGce.asp
http://hq.mcafeeasap.com/vulnerabilities/vuln_data/25000.asp

* Platforms Affected:
Windows Any version
Recommendation Set the Reset Account Lockout Counter After value so that it equals or exceeds the Lockout Window value in the current policy. To change the Reset Account Lockout Counter After value:

For Windows NT:
1. Open User Manager. (From the Windows NT Start menu, select Programs, Administrative Tools (Common), and User Manager.)
2. From the Policies menu, select Account to display the Account Policy dialog box.
3. Enable Account Lockout.
4. Set the Reset Account Lockout Counter After field to a value that is less than or equal to the value in the current policy.
5. Click OK.

For a Windows 2000 domain:
1. Start Microsoft Management Console (mmc). From the Windows Start menu, select Run, type mmc, and click OK.
2. Add Group Policy Snap-in.
3. Browse Group Policy Objects.
4. Select the Domain Policy of interest.
5. Traverse the following path:
Computer Configuration, Windows Settings, Security Settings, Account Policies, Account Lockout Policy.
6. Set Reset Account Lockout Counter After to the desired value, according to your administration policy.

For a stand-alone Windows 2000 computer:
1. On the affected computer, start gpedit.msc. From the Windows Start menu, select Run, type gpedit.msc, and click OK. The focus is local computer by default.
2. Traverse the following path:
Computer Configuration, Windows Settings, Security Settings, Account Policies, Account Lockout Policy.
3. Set Reset Account Lockout Counter After to the desired value, according to your administration policy.

For a Windows XP, 2003, 7, 2008, 8, 2012, 10, 2016 or 2019 computer:
1. On the affected computer, start gpedit.msc. From the Windows Start menu, select Run, type gpedit.msc, and click OK. The focus is local computer by default.
2. Traverse the following path:
Computer Configuration, Windows Settings, Security Settings, Account Policies, Account Lockout Policy.
3. Set Reset Account Lockout Counter After to the desired value, according to your administration policy.
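As an added example (not part of this advisory or the scanner), the same checks applied to the [System Access] section of a `secedit /export /cfg <file>` security template, which stores these settings under the keys LockoutBadCount, ResetLockoutCount and LockoutDuration; the sample export and the policy minimum are constructed for illustration, and a duration of 0 or -1 (locked until an administrator unlocks) is assumed to place no upper bound on the reset value.

```python
import configparser

# Constructed sample of a secedit export (real key names, example values).
SAMPLE_SECEDIT_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 1
LockoutBadCount = 5
ResetLockoutCount = 15
LockoutDuration = 30
[Version]
signature="$CHICAGO$"
Revision=1
"""


def parse_lockout_policy(text):
    """Return (threshold, reset_minutes, duration_minutes) from a secedit export.
    A key that is absent is reported as 0, i.e. the setting is not defined."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key names exactly as written in the template
    cp.read_string(text)
    sa = cp["System Access"]
    return (int(sa.get("LockoutBadCount", 0)),
            int(sa.get("ResetLockoutCount", 0)),
            int(sa.get("LockoutDuration", 0)))


def audit_reset_counter(text, policy_minimum_minutes):
    """Apply the rules described above. Returns a list of findings;
    an empty list means the host satisfies the policy."""
    threshold, reset, duration = parse_lockout_policy(text)
    findings = []
    if threshold == 0:
        # The reset window only has meaning once a lockout threshold exists.
        findings.append("account lockout not enabled (LockoutBadCount = 0)")
        return findings
    if reset == 0:
        findings.append("ResetLockoutCount not set")
    elif reset < policy_minimum_minutes:
        findings.append(f"ResetLockoutCount {reset} < policy minimum {policy_minimum_minutes}")
    # Assumption: duration 0 or -1 means "until an administrator unlocks",
    # which places no upper bound on the reset window.
    if duration > 0 and reset > duration:
        findings.append(f"ResetLockoutCount {reset} > LockoutDuration {duration}")
    return findings
```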
Related URL CVE-1999-0582 (CVE)
Related URL (SecurityFocus)
Related URL 225 (ISS)