CCE-44793-8
Platform: cpe:/o:microsoft:windows_server_2016 | Date: (C)2017-08-03 (M)2023-07-14 |
If the "Password protect the screen saver" setting is enabled, all screen savers are password protected; if it is disabled, password protection cannot be set on any screen saver.
Vulnerability:
If a user forgets to lock their computer when they walk away, it is possible that a passerby will hijack it.
Counter Measure:
Configure this policy setting to Enabled so that, when the other screen saver settings are implemented, the risk of a user's desktop session being hijacked by a passerby is reduced.
Potential Impact:
Users will have to provide their logon credentials when they want to access their locked desktop session.
Fix:
(1) GPO: User Configuration\Administrative Templates\Control Panel\Personalization\Password protect the screen saver
(2) REG: HKEY_USERS\Software\Policies\Microsoft\Windows\Control Panel\Desktop!ScreenSaverIsSecure
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: User Configuration\Administrative Templates\Control Panel\Personalization\Password protect the screen saver
(2) REG: HKEY_USERS\Software\Policies\Microsoft\Windows\Control Panel\Desktop!ScreenSaverIsSecure
CCSS Severity: | CCSS Metrics: |
---|---|
CCSS Score: 6.8 | Attack Vector: PHYSICAL |
Exploit Score: 0.9 | Attack Complexity: LOW |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
 | Confidentiality: HIGH |
 | Integrity: HIGH |
 | Availability: HIGH |

References:
Resource Id | Reference |
---|---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:40260 |