6.8 Disallow Credential Storage

Information

Firefox allows for credentials to be stored in its credential store for certain websites.

Rationale:

Stored credentials may be harvested by an adversary that gains local privileges equal to or greater than the principal running Firefox, which may increase the scope and impact of a breach. However, preventing Firefox from storing credentials will not prevent such an adversary from harvesting credentials used while compromised.

Impact:

Credentials will not be stored for websites.

Solution

To establish the recommended configuration, set signon.rememberSignons to false:

Type about:config in the address bar

Type signon.rememberSignons in the filter

Ensure the setting is set as prescribed.

OR

Open the mozilla.cfg file in the installation directory with a text editor

Add the following lines to mozilla.cfg:

lockPref('signon.rememberSignons', false);

Default Value:

True (Enabled).

See Also

https://workbench.cisecurity.org/files/4299

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7a.

Plugin: Unix

Control ID: 29740ecad2d60e3482ad95802393e12ec02c107db2cded04157e0826c6d68d41