Password History Size Too Low

ID: password-history-size-low

Severity: medium

Author: princechaddha

Tags: password,history,code,windows-audit

Description

Checks if the password history count is too low or not configured, allowing password reuse.

YAML Source

id: password-history-size-low

info:
  name: Password History Size Too Low
  author: princechaddha
  severity: medium
  description: Checks if the password history count is too low or not configured, allowing password reuse.
  impact: |
    A low or unset password history setting may allow users to reuse recently used passwords, increasing the risk of password compromise.
  remediation: |
    Increase the password history count to at least 24 previous passwords to prevent rapid reuse of old passwords.
  tags: password,history,code,windows-audit

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - powershell
      - powershell.exe
    args:
      - -ExecutionPolicy
      - Bypass
    pattern: "*.ps1"
    source: |
      $policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name 'PasswordHistorySize' -ErrorAction SilentlyContinue; if ($null -eq $policy.PasswordHistorySize -or $policy.PasswordHistorySize -lt 24) { "Password history size is too low or not configured." }

    matchers:
      - type: word
        words:
          - "Password history size is too low or not configured."
# digest: 490a0046304402203e0102b187d0183a2057d5c8c378c59de1d3be9b3ac4e084186d449a42eaed2502205b7e4e1790f8bc3f7bc32838460f9c829cee60791954b8ff6c7fed09cd0bbf09:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "code/windows/audit/password-history-size-low.yaml"

View on Github