Policy : Microsoft Windows: Network security: Do not store LAN Manager hash value on next password change

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.109233

Category: Policy

Title: Microsoft Windows: Network security: Do not store LAN Manager hash value on next password change

Summary: This policy setting determines whether LAN Manager is prevented;from storing hash values for the new password the next time the password is changed. Hash values are;a representation of the password after the encryption algorithm is applied that corresponds to the;format that is specified by the algorithm. To decrypt the hash value, the encryption algorithm must;be determined and then reversed. The LAN Manager hash is relatively weak and prone to attack;compared to the cryptographically stronger NTLM hash. Because the LM hash is stored on the local;device in the security database, the passwords can be compromised if the security database, Security;Accounts Manager (SAM), is attacked.;;By attacking the SAM file, attackers can potentially gain access to user names and password hashes.;Attackers can use a password-cracking tool to determine what the password is. After they have access;to this information, they can use it to gain access to resources on your network by impersonating;users. Enabling this policy setting will not prevent these types of attacks, but it will make them;much more difficult.;;(C) Microsoft Corporation 2015.

Description: Summary:
This policy setting determines whether LAN Manager is prevented
from storing hash values for the new password the next time the password is changed. Hash values are
a representation of the password after the encryption algorithm is applied that corresponds to the
format that is specified by the algorithm. To decrypt the hash value, the encryption algorithm must
be determined and then reversed. The LAN Manager hash is relatively weak and prone to attack
compared to the cryptographically stronger NTLM hash. Because the LM hash is stored on the local
device in the security database, the passwords can be compromised if the security database, Security
Accounts Manager (SAM), is attacked.

By attacking the SAM file, attackers can potentially gain access to user names and password hashes.
Attackers can use a password-cracking tool to determine what the password is. After they have access
to this information, they can use it to gain access to resources on your network by impersonating
users. Enabling this policy setting will not prevent these types of attacks, but it will make them
much more difficult.

(C) Microsoft Corporation 2015.

CVSS Score:
0.0

CVSS Vector:
AV:L/AC:H/Au:S/C:N/I:N/A:N

Copyright Copyright (C) 2018 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.109233
Category:	Policy
Title:	Microsoft Windows: Network security: Do not store LAN Manager hash value on next password change
Summary:	This policy setting determines whether LAN Manager is prevented;from storing hash values for the new password the next time the password is changed. Hash values are;a representation of the password after the encryption algorithm is applied that corresponds to the;format that is specified by the algorithm. To decrypt the hash value, the encryption algorithm must;be determined and then reversed. The LAN Manager hash is relatively weak and prone to attack;compared to the cryptographically stronger NTLM hash. Because the LM hash is stored on the local;device in the security database, the passwords can be compromised if the security database, Security;Accounts Manager (SAM), is attacked.;;By attacking the SAM file, attackers can potentially gain access to user names and password hashes.;Attackers can use a password-cracking tool to determine what the password is. After they have access;to this information, they can use it to gain access to resources on your network by impersonating;users. Enabling this policy setting will not prevent these types of attacks, but it will make them;much more difficult.;;(C) Microsoft Corporation 2015.
Description:	Summary: This policy setting determines whether LAN Manager is prevented from storing hash values for the new password the next time the password is changed. Hash values are a representation of the password after the encryption algorithm is applied that corresponds to the format that is specified by the algorithm. To decrypt the hash value, the encryption algorithm must be determined and then reversed. The LAN Manager hash is relatively weak and prone to attack compared to the cryptographically stronger NTLM hash. Because the LM hash is stored on the local device in the security database, the passwords can be compromised if the security database, Security Accounts Manager (SAM), is attacked. By attacking the SAM file, attackers can potentially gain access to user names and password hashes. Attackers can use a password-cracking tool to determine what the password is. After they have access to this information, they can use it to gain access to resources on your network by impersonating users. Enabling this policy setting will not prevent these types of attacks, but it will make them much more difficult. (C) Microsoft Corporation 2015. CVSS Score: 0.0 CVSS Vector: AV:L/AC:H/Au:S/C:N/I:N/A:N
Copyright	Copyright (C) 2018 Greenbone Networks GmbH