CCE-37929-7Platform: cpe:/o:microsoft:windows_server_2012::r2 | Date: (C)2015-10-08 (M)2023-07-04 |
Always prompt for password upon connection
This policy setting specifies whether Terminal Services always prompts the client computer for a password upon connection. You can use this policy setting to enforce a password prompt for users who log on to Terminal Services, even if they already provided the password in the Remote Desktop Connection client. By default, Terminal Services allows users to automatically log on if they enter a password in the Remote Desktop Connection client.
Note If you do not configure this policy setting, the local computer administrator can use the Terminal Services Configuration tool to either allow or prevent passwords from being automatically sent.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsRemote Desktop ServicesRemote Desktop Session HostSecurity!Always prompt for password upon connection
(2) REG: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows NTTerminal Services!fPromptForPassword
CCSS Severity: | CCSS Metrics: |
CCSS Score : 9.8 | Attack Vector: NETWORK |
Exploit Score: 3.9 | Attack Complexity: LOW |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: CRITICAL | User Interaction: NONE |
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:28309 |