Detections
Analytics

1.213 WN10-SO-000180

Information

NTLM must be prevented from falling back to a Null session.

GROUP ID: V-220934RULE ID: SV-220934r991589

NTLM sessions that are allowed to fall back to Null (unauthenticated) sessions may gain unauthorized access.

Solution

Configure the policy value for

Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> 'Network security: Allow LocalSystem NULL session fallback'

to 'Disabled'.

See Also

https://workbench.cisecurity.org/benchmarks/23869

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CCI|CCI-000366, Rule-ID|SV-220934r991589_rule, STIG-ID|WN10-SO-000180, Vuln-ID|V-220934

Plugin: Windows

Control ID: 8ac2b9be926d6def201d082aa4ec93eda4c32a76787e064f3153c044a228343d