Policy : Microsoft Windows: MS Security Guide: WDigest Authentication

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.109307

Kategorie: Policy

Titel: Microsoft Windows: MS Security Guide: WDigest Authentication

Zusammenfassung: When WDigest authentication is enabled, Lsass.exe retains a copy;of the user's plaintext password in memory, where it can be at risk of theft. Microsoft recommends;disabling WDigest authentication unless it is needed.;;If this setting is not configured, WDigest authentication is disabled in Windows 8.1 and in Windows;Server 2012 R2, it is enabled by default in earlier versions of Windows and Windows Server.;;Update KB2871997 must first be installed to disable WDigest authentication using this setting in;Windows 7, Windows 8, Windows Server 2008 R2 and Windows Server 2012.;;Enabled: Enables WDigest authentication.;;Disabled (recommended): Disables WDigest authentication. For this setting to work on Windows 7,;Windows 8, Windows Server 2008 R2 or Windows Server 2012, KB2871997 must first be installed.;;(C) Microsoft Corporation 2015.

Beschreibung: Summary:
When WDigest authentication is enabled, Lsass.exe retains a copy
of the user's plaintext password in memory, where it can be at risk of theft. Microsoft recommends
disabling WDigest authentication unless it is needed.

If this setting is not configured, WDigest authentication is disabled in Windows 8.1 and in Windows
Server 2012 R2, it is enabled by default in earlier versions of Windows and Windows Server.

Update KB2871997 must first be installed to disable WDigest authentication using this setting in
Windows 7, Windows 8, Windows Server 2008 R2 and Windows Server 2012.

Enabled: Enables WDigest authentication.

Disabled (recommended): Disables WDigest authentication. For this setting to work on Windows 7,
Windows 8, Windows Server 2008 R2 or Windows Server 2012, KB2871997 must first be installed.

(C) Microsoft Corporation 2015.

CVSS Score:
0.0

CVSS Vector:
AV:L/AC:H/Au:S/C:N/I:N/A:N

Copyright Copyright (C) 2018 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.109307
Kategorie:	Policy
Titel:	Microsoft Windows: MS Security Guide: WDigest Authentication
Zusammenfassung:	When WDigest authentication is enabled, Lsass.exe retains a copy;of the user's plaintext password in memory, where it can be at risk of theft. Microsoft recommends;disabling WDigest authentication unless it is needed.;;If this setting is not configured, WDigest authentication is disabled in Windows 8.1 and in Windows;Server 2012 R2, it is enabled by default in earlier versions of Windows and Windows Server.;;Update KB2871997 must first be installed to disable WDigest authentication using this setting in;Windows 7, Windows 8, Windows Server 2008 R2 and Windows Server 2012.;;Enabled: Enables WDigest authentication.;;Disabled (recommended): Disables WDigest authentication. For this setting to work on Windows 7,;Windows 8, Windows Server 2008 R2 or Windows Server 2012, KB2871997 must first be installed.;;(C) Microsoft Corporation 2015.
Beschreibung:	Summary: When WDigest authentication is enabled, Lsass.exe retains a copy of the user's plaintext password in memory, where it can be at risk of theft. Microsoft recommends disabling WDigest authentication unless it is needed. If this setting is not configured, WDigest authentication is disabled in Windows 8.1 and in Windows Server 2012 R2, it is enabled by default in earlier versions of Windows and Windows Server. Update KB2871997 must first be installed to disable WDigest authentication using this setting in Windows 7, Windows 8, Windows Server 2008 R2 and Windows Server 2012. Enabled: Enables WDigest authentication. Disabled (recommended): Disables WDigest authentication. For this setting to work on Windows 7, Windows 8, Windows Server 2008 R2 or Windows Server 2012, KB2871997 must first be installed. (C) Microsoft Corporation 2015. CVSS Score: 0.0 CVSS Vector: AV:L/AC:H/Au:S/C:N/I:N/A:N
Copyright	Copyright (C) 2018 Greenbone Networks GmbH