Cached credentials are limited to one previous logon.
Topic: Protecting credentials
Applicable to: all
History: Mar 2022
When using Microsoft Windows systems, cached credentials are stored in the Security Accounts Manager database and can allow a user to log on to a workstation that they have previously logged on to even if the domain is not available. Whilst this may be desirable from an availability perspective, it can be abused by an adversary who can retrieve these cached credentials. To reduce this risk, cached credentials should be limited to only one previous logon.
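
One way to audit this control on a workstation, as an added example that is not part of the original guidance: the limit is held in the Winlogon registry value CachedLogonsCount, which is what the Group Policy setting "Interactive logon: Number of previous logons to cache (in case domain controller is not available)" writes. The function name and the choice to treat 0 (caching disabled) as compliant are assumptions of this example.

```powershell
# Added example: report whether the local cached-logon limit meets the control.
# CachedLogonsCount is a REG_SZ value; when it is absent, current Windows
# versions fall back to the documented default of 10 cached logons.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Test-CachedLogonLimit {   # hypothetical helper name
    param(
        [string]$Path  = $WinlogonKey,
        [int]   $Limit = 1          # the control: one previous logon
    )

    # Read the value without throwing if it has never been configured.
    $raw = (Get-ItemProperty -Path $Path -Name CachedLogonsCount `
                -ErrorAction SilentlyContinue).CachedLogonsCount

    $effective = $null
    if ($null -eq $raw) {
        $effective = 10
        $note = 'value not set; Windows default applies'
    }
    else {
        $parsed = 0
        if ([int]::TryParse([string]$raw, [ref]$parsed)) {
            $effective = $parsed
            $note = 'value read from registry'
        }
        else {
            $note = 'value is not an integer; treat as misconfigured'
        }
    }

    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Configured = $raw
        Effective  = $effective
        # Assumption: 0 (no caching at all) is stricter than the control
        # and is therefore reported as compliant.
        Compliant  = ($null -ne $effective) -and ($effective -le $Limit)
        Note       = $note
    }
}

Test-CachedLogonLimit | Format-List
```

On domain-joined machines the value should be enforced through Group Policy rather than set locally, so a non-compliant result usually points to a missing or overridden policy.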