| VID |
28358 |
| Severity |
30 |
| Port |
135 |
| Protocol |
TCP |
| Class |
WMI |
| Detailed Description |
Remote system display last user name. An attacker who is able to access the console on the server, can see the name of the last logged-on user and guess passwords or brute force attack can attempt to log on through.
* Platforms Affected:
Microsoft Windows Any version |
| Recommendation |
1. Run> SECPOL.MSC > Local Policies> Security Options
2. 'Interactive logon: Do not display last user name' setting the value to 'Enabled' |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
