Title

The Exchange IMAP4 service must be disabled. (Cat II impact)

Discussion

The IMAP4 protocol is not approved for use within the DoD. It uses a clear-text-based user name and password and does not support the DoD standard for PKI for email access. User name and password could easily be captured from the network, allowing a malicious user to access other system features. Uninstalling or disabling the service will prevent the use of the IMAP4 protocol.

Check Content

Open the Windows Power Shell and enter the following command: Get-ItemProperty 'hklm:\system\currentcontrolset\services\MSExchangeIMAP4be' | Select Start Note: The hklm:\system\currentcontrolset\services\MSExchangeIMAP4 value must be in quotes. If the value of Start is not set to 4, this is a finding.

Fix Text

Open the Windows Power Shell and enter the following command: services.msc Navigate to and double-click on Microsoft Exchange IMAP4 Backend. Click on the "General" tab. In the Startup Type: dropdown, select Disabled. Click the OK button.

Additional Identifiers

Rule ID: SV-207284r960963_rule

Vulnerability ID: V-207284

Group Title: SRG-APP-000141

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.