User Account Policy Disabled Accounts

1980-01-01T00:00:00
ID OSVDB:752
Type osvdb
Reporter OSVDB
Modified 1980-01-01T00:00:00

Description

Vulnerability Description

System administrators will often disable an account once it is no longer in use. The intent is to lock the account so that it cannot be used until an administrator re-enables it. Historically, several vulnerabilities have affected how systems treat disabled accounts, allowing attackers to log into such accounts by bypassing the lockout. Administrators may also make global account changes that inadvertently affect disabled accounts, for example re-enabling them as a side effect.

Solution Description

Administrators should maintain a strong user account policy that deletes accounts which are no longer needed rather than leaving them disabled indefinitely. Where an account must be kept for a time, verify that the disablement blocks every authentication path (not only password logins) and re-check disabled accounts after any global account change.
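
The following audit script is an added example for this entry; it is not OSVDB's or Nessus's code. It shows the kind of check the solution above calls for on a Unix host: it parses /etc/passwd and /etc/shadow style records (the sample records and the set of users with SSH keys are constructed, not taken from a real system) and reports accounts whose password has been locked with a leading "!" but which are still reachable by another path, such as a valid login shell plus SSH authorized_keys, or which have no expiry date and would therefore be reactivated by a global password unlock. The function and field names are this example's own.

```python
"""Audit whether 'disabled' Unix accounts are actually unreachable.

Added example, not part of the OSVDB entry. Sample data below is constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Shells that refuse interactive logins and su.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}


@dataclass
class Account:
    name: str
    uid: int
    shell: str
    password_locked: bool      # shadow hash prefixed with '!' (passwd -l / usermod -L)
    expire_day: Optional[int]  # shadow field 8: days since 1970-01-01, None if unset
    has_ssh_keys: bool         # ~/.ssh/authorized_keys present and non-empty


def parse_accounts(passwd_text: str, shadow_text: str,
                   users_with_keys: Set[str]) -> List[Account]:
    """Join passwd and shadow records by user name."""
    shadow: Dict[str, List[str]] = {}
    for line in shadow_text.splitlines():
        if line.strip():
            fields = line.split(":")
            shadow[fields[0]] = fields
    accounts: List[Account] = []
    for line in passwd_text.splitlines():
        if not line.strip():
            continue
        name, _pw, uid, _gid, _gecos, _home, shell = line.split(":")
        sh = shadow.get(name, [])
        hash_field = sh[1] if len(sh) > 1 else ""
        expire_field = sh[7] if len(sh) > 7 else ""
        accounts.append(Account(
            name=name,
            uid=int(uid),
            shell=shell,
            password_locked=hash_field.startswith("!"),
            expire_day=int(expire_field) if expire_field else None,
            has_ssh_keys=name in users_with_keys,
        ))
    return accounts


def audit(accounts: List[Account], today_day: int) -> Dict[str, List[str]]:
    """Return {user: [problems]} for accounts the admin believes are disabled."""
    findings: Dict[str, List[str]] = {}
    for acct in accounts:
        if not acct.password_locked:
            continue  # active account (or '*' system account); out of scope
        problems = []
        if acct.shell not in NOLOGIN_SHELLS:
            problems.append(f"shell {acct.shell} still valid: su from root gives a working shell")
        if acct.has_ssh_keys:
            problems.append("authorized_keys present: SSH public-key auth can bypass a password-only lock")
        if acct.expire_day is None:
            problems.append("no expiry date: a global password unlock would reactivate the account")
        elif acct.expire_day > today_day:
            problems.append("expiry date is in the future: account has not actually expired")
        if problems:
            findings[acct.name] = problems
    return findings


# Constructed sample records (not from a real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob (left 2023):/home/bob:/bin/bash
carol:x:1002:1002:Carol (left 2023):/home/carol:/usr/sbin/nologin
dave:x:1003:1003:Dave (contractor):/home/dave:/usr/sbin/nologin
"""
SAMPLE_SHADOW = """\
root:$6$rootsalt$roothash:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
alice:$6$asalt$ahash:19700:0:99999:7:::
bob:!$6$bsalt$bhash:19700:0:99999:7:::
carol:!$6$csalt$chash:19700:0:99999:7::19000:
dave:!$6$dsalt$dhash:19700:0:99999:7::25000:
"""
SAMPLE_USERS_WITH_KEYS = {"alice", "bob"}
SAMPLE_TODAY = 20000  # days since epoch; a date in 2024


def run_sample() -> Dict[str, List[str]]:
    accounts = parse_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW, SAMPLE_USERS_WITH_KEYS)
    return audit(accounts, SAMPLE_TODAY)


if __name__ == "__main__":
    for user, problems in run_sample().items():
        print(user)
        for p in problems:
            print("  -", p)
```

On the sample data only carol is fully disabled: her password is locked, her shell is nologin, she has no SSH keys, and her account expiry is already in the past. bob is locked in name only, and dave's expiry has not yet been reached. On a real host the same checks would read the live files and the users' authorized_keys; locking the password alone is the weak setting, and setting a past expiry date is the one that survives a global password change.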

References:

Related OSVDB ID: 754
Related OSVDB ID: 755
Related OSVDB ID: 751
Nessus Plugin ID: 10911
Nessus Plugin ID: 10913