Password = username (Windows)
Module: Password Strength
Supported Platforms: Windows 2000, Windows 2003, Windows 2008, Windows Vista, Windows XP
This check iterates through all user accounts and reports when a password and username are identical. The check is not as rigorous as "Password = any username" and is provided for systems with a large number of user accounts. If an audit using "Password = any username" takes too long or is too CPU intensive, you might want to use this check on a daily basis, and "Password = any username" on the weekends. This check is currently not supported on Itanium-based and 64-bit server systems.
The following table lists the error messages for the check.
Table: Error messages for Password = username

| Message String ID and Category | Platform and Message Numeric ID | Message Title and Description | Additional Information |
|---|---|---|---|
| String ID: ESM_GUESSPASS; Category: Policy Compliance | Windows 2000 (105337); Windows 2003 (205337); Windows 2008 (248337); Windows Vista (228337); Windows XP (200337) | Title: Guessed user password. Description: Symantec ESM guessed the account password. An intruder can also guess this password while trying to break into your system. Immediately assign a secure password to this account. Instruct the user to log on using the secure password and then to change the password again. A secure password should have six to eight characters with at least one non-alphabetic character. A secure password should not match an account or host name, and should not be found in any dictionary. | Severity: red-4; Correctable: true; Snapshot Updatable: false; Template Updatable: false; Information Field Format: [%s] |
| String ID: ESM_DISABLED_GUESSPASS; Category: Policy Compliance | Windows 2000 (105342); Windows 2003 (205342); Windows 2008 (248342); Windows Vista (228342); Windows XP (200342) | Title: Guessed user password on disabled account. Description: Symantec ESM guessed the password of this disabled account. This can be a security problem if the account is re-activated. Assign a secure password to this account or remove it. A secure password should have six to eight characters with at least one non-alphabetic character. A secure password should not match an account or host name, and should not be found in any dictionary. | Severity: green-0; Correctable: false; Snapshot Updatable: false; Template Updatable: false; Information Field Format: [%s] |