CCE-15126-6| Platform: cpe:/o:microsoft:windows_10 | Date: (C)2022-11-15 (M)2023-07-04 |
Basic authentication uses plain text passwords that could be used to compromise a system.
Fix:
The default behavior is for the Windows RSS platform to not use Basic authentication over HTTP connections.
If this needs to be corrected, configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> RSS Feeds >> "Turn on Basic feed authentication over HTTP" to "Not Configured" or "Disabled".
Parameter:
[enable/disable]
Technical Mechanism:
The default behavior is for the Windows RSS platform to not use Basic authentication over HTTP connections.
If this needs to be corrected, configure the policy value for Computer Configuration Administrative Templates Windows Components RSS Feeds "Turn on Basic feed authentication over HTTP" to "Not Configured" or "Disabled".
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 7.3 | Attack Vector: LOCAL |
| Exploit Score: 1.8 | Attack Complexity: LOW |
| Impact Score: 5.5 | Privileges Required: LOW |
| Severity: HIGH | User Interaction: NONE |
| Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H | Scope: UNCHANGED |
| | Confidentiality: HIGH |
| | Integrity: LOW |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:85522 |
