Detections
Analytics

1.175 WN10-CC-000360

Information

The Windows Remote Management (WinRM) client must not use Digest authentication.

GROUP ID: V-220868RULE ID: SV-220868r958510

Digest authentication is not as strong as other options and may be subject to man-in-the-middle attacks.

Solution

Configure the policy value for

Computer Configuration >> Administrative Templates >> Windows Components >> Windows Remote Management (WinRM) >> WinRM Client >> 'Disallow Digest authentication'

to 'Enabled'.

See Also

https://workbench.cisecurity.org/benchmarks/23869

Item Details

Category: MAINTENANCE

References: 800-53|MA-4c., CCI|CCI-000877, Rule-ID|SV-220868r958510_rule, STIG-ID|WN10-CC-000360, Vuln-ID|V-220868

Plugin: Windows

Control ID: 2dac16e8fd67c13aface968d05b9f9327016de1bbafb2bc08ff7cc150504d278