CCE-44407-5Platform: cpe:/o:microsoft:windows_10 | Date: (C)2016-09-23 (M)2023-07-14 |
Disable: 'Require trusted path for credential entry'
If you enable this policy setting, users are required to enter Windows credentials on the Secure Desktop by means of the trusted path mechanism. This means that before entering account and password information to authorize an elevation request, a user first need to press CTRL+ALT+DEL.
Counter Measure:
Enable this setting.
Potential Impact:
If you disable or do not configure this policy setting, users can enter Windows credentials within the user's desktop session, potentially allowing malicious code access to the user's Windows credentials.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsCredential User InterfaceRequire trusted path for credential entry
(2) REG: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesCredUIEnableSecureCredentialPrompting
CCSS Severity: | CCSS Metrics: |
CCSS Score : 7.5 | Attack Vector: NETWORK |
Exploit Score: 1.6 | Attack Complexity: HIGH |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: HIGH | User Interaction: REQUIRED |
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:35433 |