An error occurred:

Check: 3.057

Windows Vista STIG: 3.057 (in versions v6 r42 through v6 r41)

Title

Reversible password encryption is not disabled. (Cat II impact)

Discussion

Storing passwords using reversible encryption is essentially the same as storing clear-text versions of the passwords. For this reason, this policy should never be enabled.

Check Content

Analyze the system using the Security Configuration and Analysis snap-in. Expand the Security Configuration and Analysis tree view. Navigate to Account Policies -> Password Policy. If the value for “Store password using reversible encryption for all users in the domain” is not disabled, then this is a finding.

Fix Text

Configure the system to prevent passwords from being saved using reverse encryption.

Additional Identifiers

Rule ID: SV-29688r1_rule

Vulnerability ID: V-2372

Group Title: Reversible Password Encryption

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000196

The information system, for password-based authentication, stores only cryptographically-protected passwords.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
IA-5 (1)

Password-Based Authentication