DTOO420 - The ability of Lync to store user passwords must be disabled.

Information

Lync 2013 provides a single, unified client for real-time communications, including voice and video calls, Lync Meetings, presence, instant messaging, and persistent chat. These features require the ability to log into the service with a username and password. The Lync client could potentially be configured to store user passwords locally which would allow it to be susceptible to compromise and to be used maliciously.

Solution

Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Lync 2013 -> Microsoft Lync Feature Policies 'Allow storage of user passwords' to 'Disabled'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Lync_2013_V1R5_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(c), CAT|II, CCI|CCI-000196, Rule-ID|SV-242503r961026_rule, STIG-ID|DTOO420, STIG-Legacy|SV-52834, STIG-Legacy|V-40776, Vuln-ID|V-242503

Plugin: Windows

Control ID: dbac5e15af068fe0faba4ace61bcdfb833b6c98d507194b23909084396d8d7e8