[Forgot Password]
Login  Register Subscribe

23631

 
 

126941

 
 

98503

 
 

909

 
 

79321

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

Store passwords using reversible encryption

ID: oval:gov.nist.usgcb.windowsseven:def:9Date: (C)2012-04-13   (M)2017-10-26
Class: COMPLIANCEFamily: windows




This security setting determines whether the operating system stores passwords using reversible encryption. This policy provides support for applications that use protocols that require knowledge of the user's password for authentication purposes. Storing passwords using reversible encryption is essentially the same as storing plaintext versions of the passwords. For this reason, this policy should never be enabled unless application requirements outweigh the need to protect password information. This policy is required when using Challenge-Handshake Authentication Protocol (CHAP) authentication through remote access or Internet Authentication Services (IAS). It is also required when using Digest Authentication in Internet Information Services (IIS). Default: Disabled. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Store passwords using reversible encryption (2) REG: INFO NOT AVAILABLE

Platform:
Microsoft Windows 7
Reference:
CCE-9260-1
CPE    1
cpe:/o:microsoft:windows_7
CCE    1
CCE-9260-1
XCCDF    9
xccdf_gov.nist_benchmark_USGCB-Windows-7
xccdf_nist_benchmark_Windows_7
xccdf_org.secpod_benchmark_Windows_7
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_7
...

© 2013 SecPod Technologies