Microsoft network client: Send unencrypted password to third-party SMB servers - EnablePlainTextPassword

Information

Microsoft network client: Send unencrypted password to connect to third-party SMB servers

If this security setting is enabled, the Server Message Block (SMB) redirector is allowed to send plaintext passwords to non-Microsoft SMB servers that do not support password encryption during authentication.

Sending unencrypted passwords is a security risk.

Default: Disabled.

Solution

Policy Path: Security Options
Policy Setting Name: Microsoft network client: Send unencrypted password to third-party SMB servers

See Also

https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-windows-10-and-windows-server-version/ba-p/1543631

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-5(7), CSCv6|13

Plugin: Windows

Control ID: 4c9fa4886cf749f6b4d63b61f67aa35f5c17da709b7254e8a1f6f1bbbe881e9b