Authentication

Password policy does not block too many logon attempts

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

Password Policy is the set of rules that defines which passwords a RAM user can choose, together with additional logon settings. If logon attempts are not restricted, techniques such as brute-force attacks, in which the attacker tries a large number of passwords, may be used to steal a RAM user's credentials. The cloud account {CloudAccount} was found to have a password policy that is too weak.

Recommended Mitigation

Review the password policy and make sure the password logon attempts are restricted to 5 or fewer.
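
One way to evaluate this rule offline, as an added example that is not part of the original rule text or of any vendor's tooling. It assumes the policy is exported as JSON in the shape of an Alibaba Cloud RAM `GetPasswordPolicy` response, where the limit is the field `MaxLoginAttemps` and `0` means no limit; the function names and the sample responses are constructed for illustration.

```python
import json

MAX_ALLOWED_ATTEMPTS = 5  # threshold from the recommended mitigation above

# Constructed sample responses. The shape (PasswordPolicy.MaxLoginAttemps,
# spelled as the RAM API spells it, 0 = no limit) is an assumption.
SAMPLES = {
    "unrestricted": '{"PasswordPolicy": {"MinimumPasswordLength": 8, "MaxLoginAttemps": 0}}',
    "too_high": '{"PasswordPolicy": {"MinimumPasswordLength": 12, "MaxLoginAttemps": 20}}',
    "compliant": '{"PasswordPolicy": {"MinimumPasswordLength": 12, "MaxLoginAttemps": 5}}',
    "missing": '{"PasswordPolicy": {"MinimumPasswordLength": 12}}',
}


def check_logon_attempt_limit(response_json, threshold=MAX_ALLOWED_ATTEMPTS):
    """Return (compliant, reason) for one password-policy response.

    Anything that cannot be read as a positive limit fails closed.
    """
    try:
        doc = json.loads(response_json)
    except (TypeError, ValueError):
        return False, "response is not valid JSON"
    policy = doc.get("PasswordPolicy") if isinstance(doc, dict) else None
    if not isinstance(policy, dict):
        return False, "response has no PasswordPolicy object"
    limit = policy.get("MaxLoginAttemps")
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(limit, bool) or not isinstance(limit, int):
        return False, "logon attempt limit is missing or not an integer"
    if limit <= 0:
        return False, "logon attempts are not restricted"
    if limit > threshold:
        return False, f"limit of {limit} attempts exceeds {threshold}"
    return True, f"limit of {limit} attempts is within {threshold}"


def audit(samples=SAMPLES):
    """Map each sample name to its (compliant, reason) result."""
    return {name: check_logon_attempt_limit(body) for name, body in samples.items()}


if __name__ == "__main__":
    for name, (ok, reason) in audit().items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}: {reason}")
```

The check fails closed: a missing field, a non-integer value, or an unparseable response is reported as non-compliant rather than silently passed.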