CCE-42575-1Platform: cpe:/o:microsoft:windows_10 | Date: (C)2016-09-23 (M)2023-07-04 |
Disable: 'Honor cipher suite order'
This policy setting determines how the SMB server selects a cipher suite when negotiating a new connection with an SMB client.
If you enable this policy setting, the SMB server will select the cipher suite it most prefers from the list of client-supported cipher suites, ignoring the client's preferences.
If you disable or do not configure this policy setting, the SMB server will select the cipher suite the client most prefers from the list of server-supported cipher suites.
Note: When configuring this security setting, changes will not take effect until you restart Windows.
Counter Measure:
Enable this policy setting and specify at least one supported cipher suite.
Potential Impact:
One or more of the cipher suites in the cipher suite order may be not supported.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesNetworkLanman ServerHonor cipher suite order
(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsLanmanServerHonorCipherSuiteOrder
CCSS Severity: | CCSS Metrics: |
CCSS Score : 6.5 | Attack Vector: NETWORK |
Exploit Score: 2.2 | Attack Complexity: HIGH |
Impact Score: 4.2 | Privileges Required: NONE |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H | Scope: UNCHANGED |
| Confidentiality: NONE |
| Integrity: LOW |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:35148 |