The following table describes the vulnerabilities identified in the pre-defined Active Directory Discovery for Discovery.

NOTE: Discovery techniques are used by adversaries to avoid detection. Evasion techniques include hiding malicious code within trusted processes and folders, encrypting or obfuscating adversary code, or disabling security software.

| Vulnerability Template | Vulnerability | Risk | What to find |
| --- | --- | --- | --- |
| Account password last changed | Name: Tier Zero user accounts whose passwords have not changed recently<br><br>Default Scope: Tier Zero users | Administrator accounts with passwords that are not cycled regularly are more susceptible to brute force password cracking attempts. If a password manager or multi-factor authentication is not used, passwords should be updated a minimum of every 90 days.<br><br>Remediation: To resolve this vulnerability, update the administrator password and enforce a password policy to ensure the administrator account password is updated regularly. | Accounts in scope that have not updated their password within the last 180 days |
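
The check in the "What to find" column can be reproduced over exported account data, shown here as an added example that is not part of this page or the product it describes. It assumes the input is already limited to Tier Zero users and carries each account's `pwdLastSet` attribute; the account names, dates and function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# pwdLastSet is a Windows FILETIME: 100-nanosecond intervals since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
MAX_AGE_DAYS = 180  # threshold taken from the "What to find" column


def filetime_to_datetime(value):
    """Convert a FILETIME integer to an aware UTC datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=value // 10)


def datetime_to_filetime(dt):
    """Inverse conversion, used here only to build the constructed sample."""
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10


def find_stale_passwords(accounts, now, max_age_days=MAX_AGE_DAYS):
    """Return (name, age_in_days_or_None, reason) for each account to report.

    accounts: iterable of (sAMAccountName, pwdLastSet), assumed to be
    pre-filtered to the Tier Zero scope.
    """
    findings = []
    for name, pwd_last_set in accounts:
        if pwd_last_set == 0:
            # 0 means "must change password at next logon": there is no
            # change date to measure, so surface the account for review.
            findings.append((name, None, "no password change recorded"))
            continue
        age = now - filetime_to_datetime(pwd_last_set)
        if age > timedelta(days=max_age_days):
            findings.append((name, age.days, "password older than threshold"))
    return findings


# Constructed sample data; a fixed "now" keeps the run repeatable.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_ACCOUNTS = [
    ("t0-admin-a", datetime_to_filetime(NOW - timedelta(days=400))),
    ("t0-admin-b", datetime_to_filetime(NOW - timedelta(days=30))),
    ("t0-svc-c", datetime_to_filetime(NOW - timedelta(days=181))),
    ("t0-admin-d", 0),
]

if __name__ == "__main__":
    for name, age, reason in find_stale_passwords(SAMPLE_ACCOUNTS, NOW):
        print(f"{name}: {reason} (age in days: {age})")
```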