WN16-CC-000520 - The Windows Remote Management (WinRM) client must not use Digest authentication.

Information

Digest authentication is not as strong as other options and may be subject to man-in-the-middle attacks. Disallowing Digest authentication will reduce this potential.

Solution

Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Windows Remote Management (WinRM) >> WinRM Client >> 'Disallow Digest authentication' to 'Enabled'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_Server_2016_V2R9_STIG.zip

Item Details

Category: MAINTENANCE

References: 800-53|MA-4c., CAT|II, CCI|CCI-000877, Rule-ID|SV-224960r958510_rule, STIG-ID|WN16-CC-000520, STIG-Legacy|SV-88261, STIG-Legacy|V-73597, Vuln-ID|V-224960

Plugin: Windows

Control ID: 62ce09f005bea3aad8d4d8ada664f8a13ed016f56e55376635a31cc022e9cbda