Policy : Microsoft Windows: Network security: Do not store LAN Manager hash value on next password change

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.109233

Kategorie: Policy

Titel: Microsoft Windows: Network security: Do not store LAN Manager hash value on next password change

Zusammenfassung: This policy setting determines whether LAN Manager is prevented;from storing hash values for the new password the next time the password is changed. Hash values are;a representation of the password after the encryption algorithm is applied that corresponds to the;format that is specified by the algorithm. To decrypt the hash value, the encryption algorithm must;be determined and then reversed. The LAN Manager hash is relatively weak and prone to attack;compared to the cryptographically stronger NTLM hash. Because the LM hash is stored on the local;device in the security database, the passwords can be compromised if the security database, Security;Accounts Manager (SAM), is attacked.;;By attacking the SAM file, attackers can potentially gain access to user names and password hashes.;Attackers can use a password-cracking tool to determine what the password is. After they have access;to this information, they can use it to gain access to resources on your network by impersonating;users. Enabling this policy setting will not prevent these types of attacks, but it will make them;much more difficult.;;(C) Microsoft Corporation 2015.

Beschreibung: Summary:
This policy setting determines whether LAN Manager is prevented
from storing hash values for the new password the next time the password is changed. Hash values are
a representation of the password after the encryption algorithm is applied that corresponds to the
format that is specified by the algorithm. To decrypt the hash value, the encryption algorithm must
be determined and then reversed. The LAN Manager hash is relatively weak and prone to attack
compared to the cryptographically stronger NTLM hash. Because the LM hash is stored on the local
device in the security database, the passwords can be compromised if the security database, Security
Accounts Manager (SAM), is attacked.

By attacking the SAM file, attackers can potentially gain access to user names and password hashes.
Attackers can use a password-cracking tool to determine what the password is. After they have access
to this information, they can use it to gain access to resources on your network by impersonating
users. Enabling this policy setting will not prevent these types of attacks, but it will make them
much more difficult.

(C) Microsoft Corporation 2015.

CVSS Score:
0.0

CVSS Vector:
AV:L/AC:H/Au:S/C:N/I:N/A:N

Copyright Copyright (C) 2018 Greenbone Networks GmbH

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.109233
Kategorie:	Policy
Titel:	Microsoft Windows: Network security: Do not store LAN Manager hash value on next password change
Zusammenfassung:	This policy setting determines whether LAN Manager is prevented;from storing hash values for the new password the next time the password is changed. Hash values are;a representation of the password after the encryption algorithm is applied that corresponds to the;format that is specified by the algorithm. To decrypt the hash value, the encryption algorithm must;be determined and then reversed. The LAN Manager hash is relatively weak and prone to attack;compared to the cryptographically stronger NTLM hash. Because the LM hash is stored on the local;device in the security database, the passwords can be compromised if the security database, Security;Accounts Manager (SAM), is attacked.;;By attacking the SAM file, attackers can potentially gain access to user names and password hashes.;Attackers can use a password-cracking tool to determine what the password is. After they have access;to this information, they can use it to gain access to resources on your network by impersonating;users. Enabling this policy setting will not prevent these types of attacks, but it will make them;much more difficult.;;(C) Microsoft Corporation 2015.
Beschreibung:	Summary: This policy setting determines whether LAN Manager is prevented from storing hash values for the new password the next time the password is changed. Hash values are a representation of the password after the encryption algorithm is applied that corresponds to the format that is specified by the algorithm. To decrypt the hash value, the encryption algorithm must be determined and then reversed. The LAN Manager hash is relatively weak and prone to attack compared to the cryptographically stronger NTLM hash. Because the LM hash is stored on the local device in the security database, the passwords can be compromised if the security database, Security Accounts Manager (SAM), is attacked. By attacking the SAM file, attackers can potentially gain access to user names and password hashes. Attackers can use a password-cracking tool to determine what the password is. After they have access to this information, they can use it to gain access to resources on your network by impersonating users. Enabling this policy setting will not prevent these types of attacks, but it will make them much more difficult. (C) Microsoft Corporation 2015. CVSS Score: 0.0 CVSS Vector: AV:L/AC:H/Au:S/C:N/I:N/A:N
Copyright	Copyright (C) 2018 Greenbone Networks GmbH