The following table describes the vulnerabilities identified in the pre-defined Active Directory Discovery for Discovery.
Vulnerability Template | Vulnerability | Risk | What to find |
---|---|---|---|
Account password last changed |
Name: Tier Zero user accounts whose passwords have not changed recently Default Scope: Tier Zero users |
Administrator accounts with passwords that are not cycled regularly are more susceptible to brute force password cracking attempts. If a password manager or multi-factor authentication is not used, passwords should be updated a minimum of every 90 days. Remediation: To resolve vulnerability, update the administrator password and enforce a password policy to ensure the administrator account password is updated regularly. |
Accounts in scope that have not updated their password within last 180 days |