User account has a password the same as the account name

Risk Level: High

Check or Attack Name: accountuserpw

Platforms: Windows NT

Description:

A user account whose password is the same as the account name was detected. An attacker could use this account to gain access to sensitive information.

Remedy:

Set the minimum password length to at least seven characters and change the account's password.

To set the minimum password length, follow these steps:

  1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
  2. Select the user account.
  3. From the Policies menu, select Account to display the Account Policy dialog box.
  4. Under Minimum Password Length, configure at least seven characters.
  5. Click OK.

—AND—

To change the password, follow these steps:

  1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
  2. Select the user account.
  3. From the User menu, select Properties to display the User Properties dialog box.
  4. In the Password field, change the password.
  5. In the Confirm Password field, confirm the password.
  6. Click OK.