1.1.65 Ensure 'Manage exposure of local IP addresses by WebRTC' is set to 'Disabled'

Information

This policy setting specifies a list of URLs or patterns which local IP address will be exposed by WebRTC.

Note: If this policy is enabled, disabled, or not configured, and edge://flags/#enable-webrtc-hide-local-ips-with-mdns is Disabled, WebRTC will expose local IP addresses.

The recommended state for this setting is: Disabled.

Rationale:

Enabling this setting and allowing exposure of IP addresses can allow an attacker to gather information about the internal network that could potentially be utilized to breach and traverse a network.

Impact:

None - this is the default behavior.

Solution

To establish the recommended configuration via GP, set the following UI path to Disabled

Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Manage exposure of local IP addressess by WebRTC

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from Microsoft here.


Default Value:

Disabled.

See Also

https://workbench.cisecurity.org/files/3005