CCE-42652-8Platform: cpe:/o:microsoft:windows_10 | Date: (C)2016-09-23 (M)2023-07-04 |
Disable: 'Do not display the password reveal button'
This policy setting allows you to configure the display of the password reveal button in password entry user experiences.
If you enable this policy setting, the password reveal button will not be displayed after a user types a password in the password entry text box.
If you disable or do not configure this policy setting, the password reveal button will be displayed after a user types a password in the password entry text box.
By default, the password reveal button is displayed after a user types a password in the password entry text box. To display the password, click the password reveal button.
The policy applies to all Windows components and applications that use the Windows system controls, including Windows 8 applications, and Internet Explorer 10 and later.
Counter Measure:
Enable this policy setting.
Potential Impact:
If you enable this policy setting, the password reveal button will not be displayed after a user types a password in the password entry text box.
If you disable or do not configure this policy setting, the password reveal button will be displayed after a user types a password in the password entry text box."
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsCredential User InterfaceDo not display the password reveal button
(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsCredUIDisablePasswordReveal
CCSS Severity: | CCSS Metrics: |
CCSS Score : 6.6 | Attack Vector: PHYSICAL |
Exploit Score: 0.7 | Attack Complexity: LOW |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: MEDIUM | User Interaction: REQUIRED |
Vector: AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:35160 |