STIGQter: STIG Summary: Windows 10 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 04 May 2021:

WDigest Authentication must be disabled.

DISA Rule

SV-220800r569187_rule

Vulnerability Number

V-220800

Group Title

SRG-OS-000095-GPOS-00049

Rule Version

WN10-CC-000038

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Configure the policy value for Computer Configuration >> Administrative Templates >> MS Security Guide >> "WDigest Authentication (disabling may require KB2871997)" to "Disabled".

The patch referenced in the policy title is not required for Windows 10.

This policy setting requires the installation of the SecGuide custom templates included with the STIG package. "SecGuide.admx" and "SecGuide.adml" must be copied to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively.

Check Contents

If the following registry value does not exist or is not configured as specified, this is a finding.

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SYSTEM\CurrentControlSet\Control\SecurityProviders\Wdigest\

Value Name: UseLogonCredential

Type: REG_DWORD
Value: 0x00000000 (0)

Vulnerability Number

V-220800

Documentable

False

Rule Version

WN10-CC-000038

Severity Override Guidance

If the following registry value does not exist or is not configured as specified, this is a finding.

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SYSTEM\CurrentControlSet\Control\SecurityProviders\Wdigest\

Value Name: UseLogonCredential

Type: REG_DWORD
Value: 0x00000000 (0)

Check Content Reference

M

Target Key

4072

Comments