id: password-reset-lock-screen-enabled

info:
  name: Password Reset from Lock Screen Enabled
  author: princechaddha
  severity: medium
  description: Checks if password reset options are available on the lock screen, which can lead to unauthorized access.
  impact: |
    Allowing password resets from the lock screen could permit attackers to reset passwords without authorization.
  remediation: |
    Disable password reset options on the lock screen.
  tags: password,code,windows-audit

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - powershell
      - powershell.exe
    args:
      - -ExecutionPolicy
      - Bypass
    pattern: "*.ps1"
    source: |
      if ((Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' -Name 'DisablePasswordReset' -ErrorAction SilentlyContinue).DisablePasswordReset -eq 0) { "Password reset from lock screen is enabled." }

    matchers:
      - type: word
        words:
          - "Password reset from lock screen is enabled."
# digest: 490a00463044022048ae19ac14907b95659c4736329c0a31383aff9a2e604eb0039e2b05c345fabb02207655766cc4c233815e7a8a8af66ca1f166886dc9a999cc22bac2ffdd8d176f87:922c64590222798bb761d5b6d8e72950