Microsoft network client: Send unencrypted password to third-party SMB servers - EnablePlainTextPassword

Information

Microsoft network client: Send unencrypted password to connect to third-party SMB servers

If this security setting is enabled, the Server Message Block (SMB) redirector is allowed to send plaintext passwords to non-Microsoft SMB servers that do not support password encryption during authentication.

Sending unencrypted passwords is a security risk.

Default: Disabled.

Solution

Policy Path: Local Policies\Security Options
Policy Name: Microsoft network client: Send unencrypted password to third-party SMB servers

See Also

https://blogs.technet.microsoft.com/secguide/2015/11/13/security-baseline-for-windows-10-build-10240-final/

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-5, CSCv6|13

Plugin: Windows

Control ID: b690aa1f517f25b0ff6641eb74ffaa577811034c570be4550979b1d6a5e19ce6