|Platform: win10||Date: (C)2016-09-23 (M)2018-07-10|
Disable: 'Microsoft network client: Send unencrypted password to third-party SMB servers' for EnablePlainTextPassword
Disable this policy setting to prevent the SMB redirector from sending plaintext passwords during authentication to third-party SMB servers that do not support password encryption. Microsoft recommends that you disable this policy setting unless there is a strong business case to enable it. If this policy setting is enabled, unencrypted passwords will be allowed across the network.
Configure the Microsoft network client: Send unencrypted password to connect to third-party SMB servers setting to Disabled.
Some very old applications and operating systems such as MS-DOS, Windows for Workgroups 3.11, and Windows 95a may not be able to communicate with the servers in your organization by means of the SMB protocol.
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network client: Send unencrypted password to third-party SMB servers
(2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword
|SCAP Repo OVAL Definition||oval:org.secpod.oval:def:34987|