Title

Basic authentication for RSS feeds over HTTP must be turned off. (Cat II impact)

Discussion

Basic authentication uses plain text passwords that could be used to compromise a system.

Check Content

If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Microsoft\Internet Explorer\Feeds\ Value Name: AllowBasicAuthInClear Type: REG_DWORD Value: 0

Fix Text

Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> RSS Feeds -> "Turn on Basic feed authentication over HTTP" to "Disabled".

Additional Identifiers

Rule ID:

Vulnerability ID: V-36709

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.