Policy : Microsoft Windows: Network security: Do not store LAN Manager hash value on next password change

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.109233

Categoría: Policy

Título: Microsoft Windows: Network security: Do not store LAN Manager hash value on next password change

Resumen: This policy setting determines whether LAN Manager is prevented;from storing hash values for the new password the next time the password is changed. Hash values are;a representation of the password after the encryption algorithm is applied that corresponds to the;format that is specified by the algorithm. To decrypt the hash value, the encryption algorithm must;be determined and then reversed. The LAN Manager hash is relatively weak and prone to attack;compared to the cryptographically stronger NTLM hash. Because the LM hash is stored on the local;device in the security database, the passwords can be compromised if the security database, Security;Accounts Manager (SAM), is attacked.;;By attacking the SAM file, attackers can potentially gain access to user names and password hashes.;Attackers can use a password-cracking tool to determine what the password is. After they have access;to this information, they can use it to gain access to resources on your network by impersonating;users. Enabling this policy setting will not prevent these types of attacks, but it will make them;much more difficult.;;(C) Microsoft Corporation 2015.

Descripción: Summary:
This policy setting determines whether LAN Manager is prevented
from storing hash values for the new password the next time the password is changed. Hash values are
a representation of the password after the encryption algorithm is applied that corresponds to the
format that is specified by the algorithm. To decrypt the hash value, the encryption algorithm must
be determined and then reversed. The LAN Manager hash is relatively weak and prone to attack
compared to the cryptographically stronger NTLM hash. Because the LM hash is stored on the local
device in the security database, the passwords can be compromised if the security database, Security
Accounts Manager (SAM), is attacked.

By attacking the SAM file, attackers can potentially gain access to user names and password hashes.
Attackers can use a password-cracking tool to determine what the password is. After they have access
to this information, they can use it to gain access to resources on your network by impersonating
users. Enabling this policy setting will not prevent these types of attacks, but it will make them
much more difficult.

(C) Microsoft Corporation 2015.

CVSS Score:
0.0

CVSS Vector:
AV:L/AC:H/Au:S/C:N/I:N/A:N

Copyright Copyright (C) 2018 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.109233
Categoría:	Policy
Título:	Microsoft Windows: Network security: Do not store LAN Manager hash value on next password change
Resumen:	This policy setting determines whether LAN Manager is prevented;from storing hash values for the new password the next time the password is changed. Hash values are;a representation of the password after the encryption algorithm is applied that corresponds to the;format that is specified by the algorithm. To decrypt the hash value, the encryption algorithm must;be determined and then reversed. The LAN Manager hash is relatively weak and prone to attack;compared to the cryptographically stronger NTLM hash. Because the LM hash is stored on the local;device in the security database, the passwords can be compromised if the security database, Security;Accounts Manager (SAM), is attacked.;;By attacking the SAM file, attackers can potentially gain access to user names and password hashes.;Attackers can use a password-cracking tool to determine what the password is. After they have access;to this information, they can use it to gain access to resources on your network by impersonating;users. Enabling this policy setting will not prevent these types of attacks, but it will make them;much more difficult.;;(C) Microsoft Corporation 2015.
Descripción:	Summary: This policy setting determines whether LAN Manager is prevented from storing hash values for the new password the next time the password is changed. Hash values are a representation of the password after the encryption algorithm is applied that corresponds to the format that is specified by the algorithm. To decrypt the hash value, the encryption algorithm must be determined and then reversed. The LAN Manager hash is relatively weak and prone to attack compared to the cryptographically stronger NTLM hash. Because the LM hash is stored on the local device in the security database, the passwords can be compromised if the security database, Security Accounts Manager (SAM), is attacked. By attacking the SAM file, attackers can potentially gain access to user names and password hashes. Attackers can use a password-cracking tool to determine what the password is. After they have access to this information, they can use it to gain access to resources on your network by impersonating users. Enabling this policy setting will not prevent these types of attacks, but it will make them much more difficult. (C) Microsoft Corporation 2015. CVSS Score: 0.0 CVSS Vector: AV:L/AC:H/Au:S/C:N/I:N/A:N
Copyright	Copyright (C) 2018 Greenbone Networks GmbH