Microsoft Windows SMB Registry : Winlogon Cached Password Weakness

Nessus Description

The registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount is non-null. It means that the remote host locally caches the passwords of the users when they log in, in order to continue to allow the users to log in in the case of the failure of the PDC.

Solution

use regedt32 and set the value of this key to 0

Fix on standalone Windows systems

REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "CachedLogonsCount "  /t REG_SZ /d 0

Fix via Group Policy

References