Fixing Weak Lan Manager

Hi everybody!

Im working in fixing the vulnerability/misconfigurations that InsightVM detects as “Weak Lan Manager hashing permitted”. To test the fix I have created a Windows virtual machine and install Rapid7 agent.

Here you can see the details of the vulnerability:


The check that VM, as far as I understand, is to check if the registry key “LMCompatibilty” exist. If it doesnt then the vulnerability is not resolved.


VM suggests the same as Microsoft
Create the key and set it to 5.


Then I check the Local security policy → Network security: Do not store LAN Manager hash value on next password change. (the screenshot is in spanish, but thats the policy…) Its enabled.


Then I wait to the reporting of the agent. The vulnerabilty is not resolved.

Any ideas why?

Anybody has fixed this in their infraestructure?