Microsoft Windows 11

Basic authentication for RSS feeds over HTTP must not be used

STIG ID: WN11-CC-000300 | SRG: SRG-OS-000095-GPOS-00049 | Severity: Medium | CCI: CCI-000381 | Vulnerability ID: V-253408

Description

Basic authentication uses plain text passwords that could be used to compromise a system.

Check

C-56861r829306_chk

The default behavior is for the Windows RSS platform to not use Basic authentication over HTTP connections.If it exists and is configured with a value of "1", this is a finding.Registry Hive: HKEY_LOCAL_MACHINERegistry Path: \SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds\Value Name: AllowBasicAuthInClearValue Type: REG_DWORDValue: 0 (or if the Value Name does not exist)

Fix

F-56811r829307_fix

The default behavior is for the Windows RSS platform to not use Basic authentication over HTTP connections.To correct this, configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> RSS Feeds >> "Turn on Basic feed authentication over HTTP" to "Not Configured" or "Disabled".