CCE-36462-0Platform: cpe:/o:microsoft:windows_server_2012::r2 | Date: (C)2015-10-08 (M)2023-07-04 |
Allow ECC certificates to be used for logon and authentication
This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to log on to a domain.
If you enable this policy setting, ECC certificates on a smart card can be used to log on to a domain.
If you disable or do not configure this policy setting, ECC certificates on a smart card cannot be used to log on to a domain.
Note: This policy setting only affects a user's ability to log on to a domain. ECC certificates on a smart card that are used for other applications, such as document signing, are not affected by this policy setting.
Note: If you use an ECDSA key to log on, you must also have an associated ECDH key to permit logons when you are not connected to the network.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsSmart Card!Allow ECC certificates to be used for logon and authentication
(2) REG: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsSmartCardCredentialProvider!EnumerateECCCerts
CCSS Severity: | CCSS Metrics: |
CCSS Score : 4.1 | Attack Vector: PHYSICAL |
Exploit Score: 0.7 | Attack Complexity: LOW |
Impact Score: 3.4 | Privileges Required: LOW |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | Scope: UNCHANGED |
| Confidentiality: LOW |
| Integrity: LOW |
| Availability: LOW |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:27498 |