Detections
Analytics
Enabled Guest Account
low
Language:
Description
By default, the guest account is disabled in Active Directory. Enabling this account introduces security risks by allowing anonymous access to the domain, which threat actors might use to conduct reconnaissance and potentially compromise network integrity by accessing sensitive data and enumerating accounts.
Solution
Disable the guest account to avoid anonymous logins.
See Also
Active Directory Security Assessment Checklist - Guest account enabled
Indicator Details
Name: Enabled Guest Account
Codename: C-GUEST-ACCOUNT
Severity: Low
- Tactic: TA0001 - Initial Access
- Techniques: T1078.001 - Default Accounts
- Tactic: TA0043 - Reconnaissance
- Techniques: T1590 - Gather Victim Network Information
- Tactic: TA0043 - Reconnaissance
- Techniques: T1595 - Active Scanning