[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-37067-6

Platform: cpe:/o:microsoft:windows_server_2012::r2Date: (C)2015-10-08   (M)2023-07-04



MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) The registry value entry AutoAdminLogon was added to the template file in the HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogon registry key. The entry appears as MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) in the Security Configuration Editor. This setting is separate from the Welcome screen feature in Windows XP and Windows Vista; if that feature is disabled, this setting is not disabled. If you configure a computer for automatic logon, anyone who can physically gain access to the computer can also gain access to everything that is on the computer, including any network or networks to which the computer is connected. Also, if you enable automatic logon, the password is stored in the registry in plaintext, and the specific registry key that stores this value is remotely readable by the Authenticated Users group. For additional information, see the Knowledge Base article 315231, 'How to turn on automatic logon in Windows XP.'


Parameter:

[enable/disable]


Technical Mechanism:

(1) GPO: Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options!MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) (2) REG: HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogon!AutoAdminLogon

CCSS Severity:CCSS Metrics:
CCSS Score : 6.8Attack Vector: PHYSICAL
Exploit Score: 0.9Attack Complexity: LOW
Impact Score: 5.9Privileges Required: NONE
Severity: MEDIUMUser Interaction: NONE
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HScope: UNCHANGED
 Confidentiality: HIGH
 Integrity: HIGH
 Availability: HIGH
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:22973


OVAL    1
oval:org.secpod.oval:def:22973
XCCDF    7
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_Server_2012_R2
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_2012_R2
xccdf_org.secpod_benchmark_PCI_Windows_2012_R2
xccdf_org.secpod_benchmark_ISO27001_Windows_2012_R2
...

© SecPod Technologies