CCE-34013-3| Platform: cpe:/o:microsoft:windows_8.1 | Date: (C)2015-10-14 (M)2023-07-04 |
Disallow Kerberos authentication
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service will not accept Kerberos credentials over the network.
If you enable this policy setting, the WinRM service will not accept Kerberos credentials over the network.
If you disable or do not configure this policy setting, then the WinRM service will accept Kerberos authentication from a remote client.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows Remote Management (WinRM)WinRM Service!Disallow Kerberos authentication
(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsWinRMService!AllowKerberos
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 9.8 | Attack Vector: NETWORK |
| Exploit Score: 3.9 | Attack Complexity: LOW |
| Impact Score: 5.9 | Privileges Required: NONE |
| Severity: CRITICAL | User Interaction: NONE |
| Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| | Confidentiality: HIGH |
| | Integrity: HIGH |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:29206 |
