[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-38352-1

Platform: cpe:/o:microsoft:windows_server_2012::r2Date: (C)2015-10-08   (M)2023-07-04



Request compound authentication This policy setting allows you to configure a domain controller to request compound authentication. Note: For a domain controller to request compound authentication, the policy 'KDC support for claims, compound authentication, and Kerberos armoring' must be configured and enabled. If you enable this policy setting, domain controllers will request compound authentication. The returned service ticket will contain compound authentication only when the account is explicitly configured. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain. If you disable or do not configure this policy setting, domain controllers will return service tickets that contain compound authentication any time the client sends a compound authentication request regardless of the account configuration.


Parameter:

[enable/disable]


Technical Mechanism:

(1) GPO: Computer ConfigurationAdministrative TemplatesSystemKDC!Request compound authentication (2) REG: HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystemKDCParameters!RequestCompoundId

CCSS Severity:CCSS Metrics:
CCSS Score : 5.9Attack Vector: NETWORK
Exploit Score: 2.2Attack Complexity: HIGH
Impact Score: 3.6Privileges Required: NONE
Severity: MEDIUMUser Interaction: NONE
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HScope: UNCHANGED
 Confidentiality: NONE
 Integrity: NONE
 Availability: HIGH
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:28571


OVAL    1
oval:org.secpod.oval:def:28571
XCCDF    1
xccdf_org.secpod_benchmark_general_Windows_2012_R2

© SecPod Technologies