Microsoft Windows Server 2019

Windows Server 2019 must disable Basic authentication for RSS feeds over HTTP

STIG ID: WN19-CC-000400 | SRG: SRG-OS-000095-GPOS-00049 | Severity: Medium | CCI: CCI-000381 | Vulnerability ID: V-205693

Description

Basic authentication uses plain-text passwords that could be used to compromise a system. Disabling Basic authentication will reduce this potential.

Check

C-5958r354997_chk

The default behavior is for the Windows RSS platform to not use Basic authentication over HTTP connections.If the registry value name below does not exist, this is not a finding.If it exists and is configured with a value of "0", this is not a finding.If it exists and is configured with a value of "1", this is a finding.Registry Hive: HKEY_LOCAL_MACHINERegistry Path: \SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds\Value Name: AllowBasicAuthInClearValue Type: REG_DWORDValue: 0x00000000 (0) (or if the Value Name does not exist)

Fix

F-5958r354998_fix

The default behavior is for the Windows RSS platform to not use Basic authentication over HTTP connections.If this needs to be corrected, configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> RSS Feeds >> "Turn on Basic feed authentication over HTTP" to "Not Configured" or "Disabled".