[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Ensure RC4 Stream cipher is disabled

ID: oval:org.secpod.oval:def:54847Date: (C)2019-05-17   (M)2023-07-04
Class: COMPLIANCEFamily: windows




This policy setting determines whether RC4 stream cipher is disabled. The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. Counter Measure: Configure this setting to disable RC4. Potential Impact: Windows clients that have these registry entries set won't be able to connect to sites that require RC4. Windows servers that have these registry entries set won't be able to service clients that must use RC4. Fix: (1) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128!Enabled HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128!Enabled HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128!Enabled

Platform:
Microsoft Windows Server 2016
Reference:
CCE-92871-3
CPE    1
cpe:/o:microsoft:windows_server_2016
CCE    1
CCE-92871-3
XCCDF    1
xccdf_org.secpod_benchmark_general_Windows_Server_2016

© SecPod Technologies