Title

Offline Mode capability to cache queries for offline mode must be configured. (Cat II impact)

Discussion

InfoPath can function in online mode or offline mode. It can also cache queries for use in offline mode. If offline mode is used and cached queries are enabled, sensitive information contained in the cache could be at risk. By default, InfoPath is in online mode, but offline mode is available to users. Users can also cache queries for use in offline mode.

Check Content

Verify the policy value for User Configuration -> Administrative Templates -> Microsoft InfoPath 2013 -> InfoPath Options -> Advanced -> Offline "Offline Mode status" is set to "Enabled (Enabled, InfoPath not in Offline Mode)". Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\15.0\InfoPath\editor\offline Criteria: If the value CachedModeStatus is REG_DWORD = 2, this is not a finding.

Fix Text

Set the policy value for User Configuration -> Administrative Templates -> Microsoft InfoPath 2013 -> InfoPath Options -> Advanced -> Offline "Offline Mode status" to "Enabled (Enabled, InfoPath not in Offline Mode)".

Additional Identifiers

Rule ID: SV-53335r2_rule

Vulnerability ID: V-17758

Group Title: DTOO156 - Offline Mode Cache

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.