Dormancy account

If the account is not used for a long time (for example, a year or more) and is active, has left the company personnel may still can access the account.This user account management becomes more complex.

If the lack of consistency, account management strategy leads to retain some due to employee turnover or old application or system abandoned and disabled user account.
In case of password leaked, others can use these inactive accounts to unauthorized access of the company's assets, resulting in security risks.In addition, owing to the accounts of the authentication key is no longer updated, so are more likely to invasion by the attacker.
In order to effectively manage directory access permissions, it is better to disable all unused directory account.

The name of the:Dormancy account

Code name:C - SLEEPING - ACCOUNTS

severity:Medium