Windows Password Expiry Setting Check Vulnerability

漏洞信息

漏洞名称: Windows Password Expiry Setting Check Vulnerability

漏洞类型: 弱口令

漏洞等级: 中危

漏洞描述: 该漏洞涉及Windows操作系统中用户账户的密码过期设置问题。具体来说,当用户账户的“密码永不过期”设置被启用时,这将覆盖最大密码年龄策略,阻止其有效执行,从而增加了凭证被泄露的可能性。

受影响产品: Windows操作系统是全球广泛使用的操作系统之一,广泛应用于个人电脑、企业服务器等多种场景。此漏洞影响所有配置了“密码永不过期”设置的本地活跃用户账户。

漏洞解释: 此漏洞属于弱口令问题,其技术根源在于密码策略的执行被不当设置所覆盖。具体来说,当管理员或用户手动启用了“密码永不过期”选项时,系统将不再强制用户定期更换密码,这违反了最佳安全实践,可能导致使用弱密码或长期不变的密码,从而增加了系统被未授权访问的风险。

影响分析: 此漏洞的主要安全风险在于增加了凭证泄露的可能性。由于密码不会过期,攻击者有更多时间尝试破解密码或利用泄露的凭证进行未授权访问。此外,这种设置可能违反某些合规性要求,如PCI DSS或ISO 27001,这些标准通常要求定期更换密码以降低安全风险。值得注意的是,利用此漏洞不需要特定的认证条件,且可以通过自动化工具进行检测和利用。

产品厂商: Microsoft

产品名称: Windows

来源: https://github.com/projectdiscovery/nuclei-templates/blob/b740ee6791c0a6d36cac233d23a096ba91d2f060/code%2Fwindows%2Faudit%2Fkisa%2Fpassword-never-expires.yaml

类型: projectdiscovery/nuclei-templates:github issues

POC详情

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50

id: password-never-expires

info:
  name: Password Expiry Setting Check
  author: nukunga[SungHyunJeon]
  severity: medium
  description:
    Ensure the "Password never expires" setting is disabled for all active user accounts so that password expiration policies can be enforced effectively.
  impact: |
    Enabling the "Password never expires" setting overrides the maximum password age policy, preventing its enforcement and increasing the likelihood of credential compromise.
  remediation: |
    Disable the "Password never expires" setting using one of the following methods:
    - Command Line: > wmic useraccount where name="USERNAME" set passwordexpires=true
    - GUI: Use Local Security Policy to modify the user account settings accordingly.
  reference:
    - https://isms.kisa.or.kr/main/csap/notice/?boardId=bbs_0000000000000004&mode=view&cntId=85
  tags: code,windows-audit,kisa,account-management,password-policy

self-contained: true

code:
  - pre-condition: |
      IsWindows();

    engine:
      - powershell
      - powershell.exe

    args:
      - -ExecutionPolicy
      - Bypass

    pattern: "*.ps1"

    source: |
      # Check all local, active user accounts for the password expiry setting
      $users = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True and Disabled=False"
      $vulnerable = $users | Where-Object { $_.PasswordExpires -eq $false }
      if ($vulnerable) {
          "PASSWORD_NEVER_EXPIRES_ENABLED"
      } else {
          "PASSWORD_NEVER_EXPIRES_DISABLED"
      }

    matchers:
      - type: word
        words:
          - "PASSWORD_NEVER_EXPIRES_ENABLED"

Github Poc
#projectdiscovery/nuclei-templates:github issues #弱口令
Windows Password Expiry Setting Check Vulnerability
http://example.com/2025/07/10/github_1519212792/
作者
lianccc
发布于
2025年7月10日
许可协议