Accounts With Never Expiring Passwords

medium

Language:

Description

Active Directory accounts should follow a global password renewal policy that prohibits them from going indefinitely without changing their passwords.

Solution

A password expiration policy limits the risk of an attacker guessing or cracking a password before it changes. All user and administrator accounts must follow this policy without exception.
Service accounts can pose a challenge as they require special attention. In case the password of a service account expires and the application developer has not updated it, the service might stop functioning properly. To avoid such an interruption, a specific process must be in place to regularly update the password manually.

Indicator Details

Name: Accounts With Never Expiring Passwords

Codename: C-PASSWORD-DONT-EXPIRE

Severity: Medium

MITRE ATT&CK Information:

Tactic: TA0001 - Initial Access
- Techniques: T1078 - Valid Accounts
Tactic: TA0003 - Persistence
- Techniques: T1078 - Valid Accounts
Tactic: TA0004 - Privilege Escalation
- Techniques: T1078 - Valid Accounts

Attacker Known Tools

Gentil Kiwi: mimikatz

Detections

Analytics