Check: WN12-CC-000106
Microsoft Windows Server 2012/2012 R2 Domain Controller STIG:
WN12-CC-000106
(in versions v3 r7 through v2 r7)
Title
Basic authentication for RSS feeds over HTTP must be turned off. (Cat II impact)
Discussion
Basic authentication uses plain text passwords that could be used to compromise a system.
Check Content
If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Microsoft\Internet Explorer\Feeds\ Value Name: AllowBasicAuthInClear Type: REG_DWORD Value: 0
Fix Text
Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> RSS Feeds -> "Turn on Basic feed authentication over HTTP" to "Disabled".
Additional Identifiers
Rule ID: SV-226206r794442_rule
Vulnerability ID: V-226206
Group Title: SRG-OS-000095-GPOS-00049
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000381 |
The organization configures the information system to provide only essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 |
Least Functionality |