Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-243474 | AD.0014 | SV-243474r723457_rule | Medium |
Description |
---|
NT hashes of passwords for accounts that are not changed regularly are susceptible to reuse by attackers using Pass-the-Hash. Windows service \ application account passwords are not typically changed for longer periods of time to ensure availability of the applications. If a service \ application also has administrative privileges it will provide elevated access if compromised. |
STIG | Date |
---|---|
Active Directory Domain Security Technical Implementation Guide | 2022-08-26 |
Check Text ( C-46749r723455_chk ) |
---|
If no Windows service \ application accounts with manually managed passwords have administrative privileges, this is NA. Verify Windows service \ application accounts with administrative privileges and manually managed passwords, have passwords changed at least every 60 days. |
Fix Text (F-46706r723456_fix) |
---|
If no Windows service \ application accounts with manually managed passwords have administrative privileges, this is NA. Change passwords for Windows service \ application accounts with administrative privileges and manually managed passwords, at least every 60 days. |