Check: 3.057
Windows XP STIG:
3.057
(in versions v6 r1.32 through v1 r0)
Title
Reversible password encryption is not disabled. (Cat II impact)
Discussion
Storing passwords using reversible encryption is essentially the same as storing clear-text versions of the passwords. For this reason, this policy should never be enabled.
Check Content
Analyze the system using the Security Configuration and Analysis snap-in. Expand the Security Configuration and Analysis tree view. Navigate to Account Policies -> Password Policy. If the value for “Store password using reversible encryption for all users in the domain” is not disabled, then this is a finding.
Fix Text
Configure the system to prevent passwords from being saved using reverse encryption.
Additional Identifiers
Rule ID: SV-29687r1_rule
Vulnerability ID: V-2372
Group Title: Reversible Password Encryption
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| No CCIs are assigned to this check |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| No controls are assigned to this check |