CCE-99666-0Platform: cpe:/o:microsoft:windows_server_2019 | Date: (C)2022-11-22 (M)2023-07-04 |
The Maximum lifetime for user ticket policy setting determines the maximum amount of time (in hours) that a user's
ticket-granting ticket can be used. When a user's ticket-granting ticket expires, a new one must be requested or the existing one must be
renewed. The possible values for this Group Policy setting are: * A user-defined number of hours from 0 through 99,999 * Not defined. If the
value for this policy setting is too high, users might be able to access network resources outside of their logon hours, or users whose
accounts have been disabled might be able to continue to access network services by using valid service tickets that were issued before their
account was disabled. If the value is set to 0, ticket-granting tickets never expire.
Parameter:
[Hours]
Technical Mechanism:
Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy\Maximum lifetime for user ticket
CCSS Severity: | CCSS Metrics: |
CCSS Score : 8.1 | Attack Vector: NETWORK |
Exploit Score: 2.2 | Attack Complexity: HIGH |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:85622 |