The following table describes the vulnerabilities identified in the pre-defined Active Directory Discovery for Discovery.

Vulnerability Template: Account password last changed

Vulnerability

Name: Tier Zero user accounts whose passwords have not changed recently

Default Scope: Tier Zero users

Risk

Administrator accounts with passwords that are not cycled regularly are more susceptible to brute-force password cracking attempts. If a password manager or multi-factor authentication is not used, passwords should be updated a minimum of every 90 days.

Remediation: To resolve the vulnerability, update the administrator password and enforce a password policy to ensure the administrator account password is updated regularly.

What to find

Accounts in scope that have not updated their password within the last 180 days
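
The check described above can be reproduced against an LDAP export of the in-scope accounts. The following is an added example, not the product's own code: it converts the Active Directory pwdLastSet attribute (a Windows FILETIME) to a date and applies the 180-day finding threshold and the 90-day rotation guidance from the table. The account names, the status labels and the "review" handling of pwdLastSet = 0 are assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta, timezone

# pwdLastSet is a Windows FILETIME: 100-nanosecond ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
FINDING_DAYS = 180   # threshold from "What to find"
ROTATION_DAYS = 90   # minimum rotation interval from the risk text


def filetime_to_datetime(ticks):
    """Convert pwdLastSet to a UTC datetime; 0 carries no usable timestamp."""
    ticks = int(ticks)
    if ticks <= 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def datetime_to_filetime(dt):
    """Inverse conversion, used here only to build the constructed sample."""
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000


def classify(accounts, now):
    """Return {sAMAccountName: (status, age_days)} for in-scope accounts."""
    result = {}
    for acct in accounts:
        changed = filetime_to_datetime(acct["pwdLastSet"])
        if changed is None:
            # pwdLastSet = 0: never set, or "must change at next logon".
            # Assumption: surface these for manual review, not as compliant.
            result[acct["sAMAccountName"]] = ("review", None)
            continue
        age = (now - changed).days
        if age > FINDING_DAYS:
            status = "finding"      # what the discovery reports
        elif age > ROTATION_DAYS:
            status = "overdue"      # past the 90-day guidance, not yet a finding
        else:
            status = "ok"
        result[acct["sAMAccountName"]] = (status, age)
    return result


# Constructed sample data (hypothetical Tier Zero accounts).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = [{"sAMAccountName": name, "pwdLastSet": value} for name, value in [
    ("adm-alice", datetime_to_filetime(NOW - timedelta(days=30))),
    ("adm-bob", datetime_to_filetime(NOW - timedelta(days=120))),
    ("adm-carol", datetime_to_filetime(NOW - timedelta(days=400))),
    ("svc-backup", 0),
]]
```

Accounts between 90 and 180 days old do not appear in the discovery results, so the "overdue" status shows the gap between the recommended rotation interval and the reporting threshold.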