CCE-43863-0 | Platform: cpe:/o:microsoft:windows_10 | Date: (C)2016-09-23 (M)2023-07-14 |
Password protect the screen saver
If the Password protect the screen saver setting is enabled, all screen savers are password protected. If it is disabled, password protection cannot be set on any screen saver.
Counter Measure:
Configure this policy setting to Enabled so that when the other screen saver settings are implemented the risk of a user's desktop session being hijacked by a passerby is reduced.
Potential Impact:
Users will have to provide their logon credentials when they want to access their locked desktop session.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: User Configuration\Administrative Templates\Control Panel\Personalization\Password protect the screen saver
(2) REG: HKEY_USERS\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaverIsSecure
(3) WMI: ###
CCSS Severity: | CCSS Metrics:
---|---
CCSS Score: 6.8 | Attack Vector: PHYSICAL
Exploit Score: 0.9 | Attack Complexity: LOW
Impact Score: 5.9 | Privileges Required: NONE
Severity: MEDIUM | User Interaction: NONE
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED
 | Confidentiality: HIGH
 | Integrity: HIGH
 | Availability: HIGH
References:
Resource Id | Reference
---|---
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:36487