Guest user has blank password

Risk Level: Medium

Check or Attack Name: guestblankpw

Platforms: Windows NT

Description:

The Guest account has no password. Any individual can log in to this account with any user name and any password.

This issue applies to both enabled and disabled Guest accounts. Although disabled accounts are less of a concern, an attacker who has already compromised the network may be able to enable the Guest account at a later time.

Remedy:

Set the minimum password length to at least seven characters, and change the Guest password.

To set the minimum password length, follow these steps:

  1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
  2. Select the Guest account.
  3. From the Policies menu, select Account.
  4. For the Minimum Password Length, require a minimum length of at least seven characters.
  5. Click OK.

—AND—

To change the password, follow these steps:

  1. Open User Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), User Manager.
  2. Select the Guest account.
  3. From the User menu, select Properties.
  4. In the Password field, change the password.
  5. In the Confirm Password field, confirm the password.
  6. Click OK.
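
To confirm that both remedies took effect, the account and policy settings can also be checked from text output. The following is an added example, not part of the original advisory: it assumes the output of `net user Guest` and `net accounts` on an English-language system has been captured, and the sample text and the names `field` and `audit_guest` are constructed for illustration.

```python
import re

# Constructed sample output (not from the original page), in the layout
# printed by `net user Guest` and `net accounts` on an English-language system.
SAMPLE_NET_USER = """\
User name                    Guest
Account active               No
Password required            No
User may change password     No
"""

SAMPLE_NET_ACCOUNTS = """\
Minimum password age (days):                          0
Minimum password length:                              0
Lockout threshold:                                    Never
"""

MIN_LENGTH = 7  # the remedy asks for at least seven characters


def field(text, label):
    """Return the value printed after `label` (optional colon), or None."""
    m = re.search(r"^%s:?[ \t]+(\S.*?)[ \t]*$" % re.escape(label), text, re.M)
    return m.group(1) if m else None


def audit_guest(net_user_out, net_accounts_out):
    """List the settings that still leave the Guest account exposed."""
    findings = []
    # "Password required: No" means a blank password is permitted,
    # not proof that the current password is blank.
    if (field(net_user_out, "Password required") or "").lower() != "yes":
        findings.append("Guest may have a blank password (Password required is not Yes)")
    if (field(net_user_out, "Account active") or "").lower() == "yes":
        findings.append("Guest account is enabled")
    raw = field(net_accounts_out, "Minimum password length")
    length = int(raw) if raw and raw.isdigit() else 0
    if length < MIN_LENGTH:
        findings.append("Minimum password length is %d, below %d" % (length, MIN_LENGTH))
    return findings


if __name__ == "__main__":
    for line in audit_guest(SAMPLE_NET_USER, SAMPLE_NET_ACCOUNTS):
        print("FINDING:", line)
```

A disabled Guest account that still permits a blank password is reported, matching the advisory's point that the issue applies to disabled accounts as well.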