DTBC-0029 - Importing of saved passwords must be disabled.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Importing of saved passwords should be disabled as it could lead to unencrypted account passwords stored on the system from another browser to be viewed. This policy forces the saved passwords to be imported from the previous default browser if enabled. If enabled, this policy also affects the import dialog. If disabled, the saved passwords are not imported. If it is not set, the user may be asked whether to import, or importing may happen automatically.

Solution

Windows group policy:
1. Open the group policy editor tool with gpedit.msc
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\
Policy Name: Import saved passwords from default browser on first run
Policy State: Disabled
Policy Value: N/A

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Google_Chrome_V2R8_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000381, Rule-ID|SV-221577r615937_rule, STIG-ID|DTBC-0029, STIG-Legacy|SV-57609, STIG-Legacy|V-44775, Vuln-ID|V-221577

Plugin: Windows

Control ID: 9f24f0296c086f88b0c4812c769d7d18140ca829c6dd96defedb540cee8609ab