To mitigate the risk of credential theft, it is advisable to regularly update the passwords of all active accounts in Active Directory. However, if users must change their passwords too frequently, they may choose predictable passwords or store them in unsafe locations, which increases the likelihood of credential theft.
Tenable recommends implementing a password renewal policy for accounts with sensitive access rights in the information system. Configure this policy to prevent users from changing their password too frequently, which could increase the likelihood of predictable password use.
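One way to list the accounts this check is concerned with, as an added example that is not Tenable's own detection logic. The function name `Find-OldPasswordAccount`, the 365-day threshold and the use of `adminCount = 1` as a proxy for sensitive access rights are assumptions; the sample accounts are constructed.

```powershell
# Added example. MaxAgeDays = 365 is an assumed threshold, not a value from the page.
function Find-OldPasswordAccount {
    param(
        [Parameter(Mandatory)] [object[]] $Account,
        [int] $MaxAgeDays = 365,
        [datetime] $Now = (Get-Date).ToUniversalTime()
    )
    foreach ($a in $Account) {
        $uac = [int]$a.userAccountControl
        if ($uac -band 0x2) { continue }    # ACCOUNTDISABLE: not an active account

        # pwdLastSet is a FILETIME (100 ns intervals since 1601-01-01 UTC).
        # 0 means the password must be changed at next logon, so there is no age to measure.
        $raw = [int64]$a.pwdLastSet
        if ($raw -eq 0) { continue }

        $ageDays = [math]::Floor(($Now - [datetime]::FromFileTimeUtc($raw)).TotalDays)
        if ($ageDays -le $MaxAgeDays) { continue }

        [pscustomobject]@{
            SamAccountName  = $a.SamAccountName
            PasswordAgeDays = [int]$ageDays
            # DONT_EXPIRE_PASSWORD: the domain maximum password age never forces a change
            NeverExpires    = [bool]($uac -band 0x10000)
            # adminCount = 1 is used as a proxy for sensitive access rights (assumption)
            Sensitive       = ($a.adminCount -eq 1)
        }
    }
}

# Constructed sample accounts (not real data); ages are relative to the current time.
$now = (Get-Date).ToUniversalTime()
$sample = @(
    [pscustomobject]@{ SamAccountName = 'svc-backup'; userAccountControl = 0x10200; adminCount = 1
                       pwdLastSet = $now.AddDays(-1500).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'j.doe';      userAccountControl = 0x200;   adminCount = $null
                       pwdLastSet = $now.AddDays(-90).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'old-admin';  userAccountControl = 0x202;   adminCount = 1
                       pwdLastSet = $now.AddDays(-2000).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'm.smith';    userAccountControl = 0x200;   adminCount = $null
                       pwdLastSet = $now.AddDays(-400).ToFileTimeUtc() }
)
Find-OldPasswordAccount -Account $sample -Now $now |
    Sort-Object Sensitive, PasswordAgeDays -Descending | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Find-OldPasswordAccount -Account (Get-ADUser -Filter * -Properties pwdLastSet,userAccountControl,adminCount)
```

With the sample data, `svc-backup` and `m.smith` are reported; `old-admin` is skipped because it is disabled and `j.doe` because its password is within the threshold.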
NIST - Digital Identity Guidelines Authentication and Lifecycle Management
Security baseline (FINAL) for Windows 10 v1903 and Windows Server v1903
Name: User Account Using Old Password
Codename: C-USER-PASSWORD
Severity: Medium
van Hauser / THC: THC-Hydra
Solar Designer: John the Ripper
Jens Steube: Hashcat