Hi Guys do you guys get this in scans even though its disabled ??
CIFS Account lock out policy allows Brute forcing
CIFS Account Password Never expires
Thanks
Nick
CIFS Account Password Never expires is reporting on local computer accounts that have their password set to expire.
For us, it is reporting on a Windows LAPS managed account. Rapid7 support said they have an enhancement open to handle Windows LAPS managed accounts.
“As per our internal team, this case has been investigated and shows that we currently have an existing enhancement request regarding false detection on “cifs-acct-password-never-expires” vulnerability managed by LAPS. We can associate this case with the existing enhancement (IDEA) ticket to add traction to the request.”
I am wondering if there has been any more traction on this issue. I also have the same issue in my environment and haven’t heard anything new for a while.