Check: 3.057
Win2k8 R2 Audit:
3.057
(in version v1 r8)
Title
Reversible password encryption will be disabled. (Cat II impact)
Discussion
Storing passwords using reversible encryption is essentially the same as storing clear-text versions of the passwords. For this reason, this policy should never be enabled.
Check Content
Fix Text
Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Account Policies -> Password Policy -> “Store password using reversible encryption” to "Disabled".
Additional Identifiers
Rule ID: SV-32314r1_rule
Vulnerability ID: V-2372
Group Title: Reversible Password Encryption
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| No CCIs are assigned to this check |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| No controls are assigned to this check |