An error occurred:

Check: 3.057

Windows 2003 MS STIG: 3.057 (in version v6 r37)

Title

Reversible password encryption is not disabled. (Cat II impact)

Discussion

Storing passwords using reversible encryption is essentially the same as storing clear-text versions of the passwords. For this reason, this policy should never be enabled.

Check Content

Analyze the system using the Security Configuration and Analysis snap-in. Expand the Security Configuration and Analysis tree view. Navigate to Account Policies -> Password Policy. If the value for “Store password using reversible encryption” is not disabled, then this is a finding.

Fix Text

Configure the system to prevent passwords from being saved using reverse encryption.

Additional Identifiers

Rule ID: SV-2372r1_rule

Vulnerability ID: V-2372

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000196

The information system, for password-based authentication, stores only cryptographically-protected passwords.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
IA-5(1)

Password-based Authentication