Navigate

Check: WN12-CC-000076

Microsoft Windows Server 2012/2012 R2 Domain Controller STIG: WN12-CC-000076 (in versions v3 r7 through v2 r7)

Title

The password reveal button must not be displayed. (Cat II impact)

Discussion

Visible passwords may be seen by nearby persons, compromising them. The password reveal button can be used to display an entered password and must not be allowed.

Check Content

If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Microsoft\Windows\CredUI\ Value Name: DisablePasswordReveal Type: REG_DWORD Value: 1

Fix Text

Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Credential User Interface -> "Do not display the password reveal button" to "Enabled".

Additional Identifiers

Rule ID: SV-226188r794410_rule

Vulnerability ID: V-226188

Group Title: SRG-OS-000079-GPOS-00047

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000206	Obscure feedback of authentication information during the authentication process to protect the information from possible exploitation and use by unauthorized individuals.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
IA-6	Authenticator Feedback