CCE-45268-0 | Platform: cpe:/o:microsoft:windows_server_2016 | Date: (C)2017-08-03 (M)2023-07-04 |
Enables management of the password for the local administrator account.
If you enable this setting, the local administrator password is managed.
If you disable or do not configure this setting, the local administrator password is NOT managed.
Vulnerability:
Disabling or not configuring this setting can compromise security as it may allow a malicious agent to reverse engineer a password that is not managed.
Counter Measure:
Enable this setting.
Potential Impact:
Local administrator passwords are changed as managed.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\LAPS\Enable local admin password management
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft Services\AdmPwd!AdmPwdEnabled
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\LAPS\Enable local admin password management
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft Services\AdmPwd!AdmPwdEnabled
CCSS Severity: | CCSS Metrics: |
---|---|
CCSS Score: 8.1 | Attack Vector: NETWORK |
Exploit Score: 2.2 | Attack Complexity: HIGH |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
 | Confidentiality: HIGH |
 | Integrity: HIGH |
 | Availability: HIGH |

References:

Resource Id | Reference |
---|---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:40186 |