  • Misconfiguration Name
  • Minimum Password age is not configured to 2 days
  • Description
  • "Minimum password age": the minimum number of days a password must be used before it can be changed. "Password history": the number of unique passwords that must be used before a user can reuse an old password. Users have to change their password once the maximum password age is reached. If the minimum password age is not configured, a user can change the password repeatedly until the old password falls outside the password history length. This allows the user to set the old password again within minutes. To prevent this, users must not be allowed to change a new password for at least 2 days.
  • Severity
  • Low
  • Category
  • Password Policy
  • Resolution
  • Follow the steps below in GPO to resolve the misconfiguration. Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Account Policies -> Password Policy -> "Minimum Password Age" to at least "2" days.
  • Does remediation require reboot?
  • No
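
To check a machine against this entry, the following added example (not part of the catalog) exports the local security policy with secedit and compares MinimumPasswordAge with the 2-day threshold, reporting PasswordHistorySize alongside it. The function name Get-PolicyValue and the temporary file name are assumptions made for the example.

```powershell
# Added example: audit the local password policy for this catalog entry.
# Run from an elevated prompt; secedit.exe ships with Windows.
$RequiredMinAgeDays = 2   # threshold taken from the catalog entry

function Get-PolicyValue {
    param([string[]]$Lines, [string]$Name)
    # secedit writes "Name = Value" pairs in the [System Access] section.
    $pattern = '^\s*{0}\s*=\s*(-?\d+)\s*$' -f [regex]::Escape($Name)
    foreach ($line in $Lines) {
        if ($line -match $pattern) { return [int]$Matches[1] }
    }
    return $null
}

# Hypothetical temp file name; removed again in the finally block.
$cfg = Join-Path $env:TEMP ('secpol-{0}.inf' -f [guid]::NewGuid())
try {
    secedit.exe /export /cfg $cfg /areas SECURITYPOLICY /quiet | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $cfg)) {
        throw "secedit export failed (exit code $LASTEXITCODE); run from an elevated prompt."
    }
    $lines   = Get-Content -LiteralPath $cfg
    $minAge  = Get-PolicyValue -Lines $lines -Name 'MinimumPasswordAge'
    $history = Get-PolicyValue -Lines $lines -Name 'PasswordHistorySize'

    $findings = @()
    if ($null -eq $minAge) {
        $findings += 'MinimumPasswordAge not found in the export.'
    } elseif ($minAge -lt $RequiredMinAgeDays) {
        $findings += "MinimumPasswordAge is $minAge day(s); at least $RequiredMinAgeDays required."
    }

    # Emit one object so the result can be piped to Export-Csv or a report.
    [pscustomobject]@{
        Computer            = $env:COMPUTERNAME
        MinimumPasswordAge  = $minAge
        PasswordHistorySize = $history
        Compliant           = ($findings.Count -eq 0)
        Findings            = $findings -join ' '
    }
} finally {
    Remove-Item -LiteralPath $cfg -ErrorAction SilentlyContinue
}
```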