Title

Unauthorized accounts will not have the "Bypass traverse checking" user right. (Cat III impact)

Discussion

Inappropriate granting of user rights can provide system, administrative, and other high level capabilities. Accounts with the "Bypass traverse checking" right can pass through folders when browsing even if they do not have the Traverse Folder access permission. They could potentially view sensitive file and folder names. They would not have additional access to the files and folders unless it is granted through permissions.

Check Content

Fix Text

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment -> "Bypass traverse checking" as defined in the Check section.

Additional Identifiers

Rule ID: SV-33383r1_rule

Vulnerability ID: V-26475

Group Title: Bypass traverse checking

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.