WN12-CC-000123 - The Windows Remote Management (WinRM) client must not use Basic authentication.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Basic authentication uses plain text passwords that could be used to compromise a system.

Solution

Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Remote Management (WinRM) -> WinRM Client -> 'Allow Basic authentication' to 'Disabled'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2012_and_2012_R2_MS_V3R5_STIG.zip

Item Details

References: CAT|I, CCI|CCI-000877, Rule-ID|SV-225396r569185_rule, STIG-ID|WN12-CC-000123, STIG-Legacy|SV-51752, STIG-Legacy|V-36712, Vuln-ID|V-225396

Plugin: Windows

Control ID: 1d15f6cd66444debcfc31e5dcd613c356b6d9ec656a555a184f9c23ddf09ef2e