WN12-CC-000125 - The Windows Remote Management (WinRM) client must not use Digest authentication.

Information

Digest authentication is not as strong as other options and may be subject to man-in-the-middle attacks.

Solution

Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Remote Management (WinRM) -> WinRM Client -> 'Disallow Digest authentication' to 'Enabled'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2012_and_2012_R2_MS_V3R7_STIG.zip

Item Details

Category: MAINTENANCE

References: 800-53|MA-4c., CAT|II, CCI|CCI-000877, Rule-ID|SV-225398r877395_rule, STIG-ID|WN12-CC-000125, STIG-Legacy|SV-51754, STIG-Legacy|V-36714, Vuln-ID|V-225398

Plugin: Windows

Control ID: 887a25982a134dd427bae89aacec53ca37329d9f8ca76c7432527aae4fa4c8b8