Title

The Password Manager must be disabled. (Cat II impact)

Discussion

Enable Microsoft Edge to save user passwords. If this policy is enabled, users can save their passwords in Microsoft Edge. The next time the user visits the site, Microsoft Edge will enter the password automatically.

Check Content

The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Password manager and protection/Enable saving passwords to the password manager" must be set to "disabled". Use the Windows Registry Editor to navigate to the following key: HKLM\SOFTWARE\Policies\Microsoft\Edge If the value for "PasswordManagerEnabled" is not set to "REG_DWORD = 0", this is a finding.

Fix Text

Set the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Password manager and protection/Enable saving passwords to the password manager" to "disabled".

Additional Identifiers

Rule ID: SV-235756r879773_rule

Vulnerability ID: V-235756

Group Title: SRG-APP-000400

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.