Minimum Password Age Set to Zero

ID: minimum-password-age-zero

Severity: medium

Author: princechaddha

Tags: windows, password, policy, code, windows-audit

Description

Checks if the minimum password age is set to zero, allowing immediate password changes and potential reuse.

YAML Source

id: minimum-password-age-zero

info:
  name: Minimum Password Age Set to Zero
  author: princechaddha
  severity: medium
  description: Checks if the minimum password age is set to zero, allowing immediate password changes and potential reuse.
  impact: |
    Allowing a password age of zero may lead to the rapid reuse of weak passwords, reducing account security.
  remediation: |
    Set a reasonable minimum password age to prevent users from reusing old passwords frequently.
  tags: windows, password, policy, code, windows-audit

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - cmd
    args:
      - /c
    pattern: "*.cmd"
    source: |
      net accounts

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Minimum password age (days):                          0"
        negative: true

      - type: word
        words:
          - "Minimum password age"
# digest: 4a0a004730450220290c173453310c97a4cf343b2305a0dda63b10bab7b977502b2e9b8ceb74c74c022100e01f81b587d051cca84137419943af7eccbb4fb82b4e009e97399d44f355ab0f:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "code/windows/audit/minimum-password-age-zero.yaml"

View on Github