CCE-99674-4
Platform: cpe:/o:microsoft:windows_server_2019 | Date: (C)2022-11-22 (M)2023-07-04 |
This policy setting allows users to have their feeds authenticated using the Basic authentication scheme over an unencrypted HTTP connection.
If you enable this policy setting, the RSS Platform will authenticate to servers using the Basic authentication scheme in combination with an insecure HTTP connection.
If you disable or do not configure this setting, the RSS Platform will not authenticate to servers using the Basic authentication scheme in combination with an insecure HTTP connection.
A developer cannot change this setting through the Feed APIs.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\RSS Feeds\Turn on Basic feed authentication over HTTP
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Feeds!AllowBasicAuthInClear
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\RSS Feeds\Turn on Basic feed authentication over HTTP
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Feeds!AllowBasicAuthInClear
CCSS Severity: | CCSS Metrics: |
---|---|
CCSS Score: 9.8 | Attack Vector: NETWORK |
Exploit Score: 3.9 | Attack Complexity: LOW |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: CRITICAL | User Interaction: NONE |
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
 | Confidentiality: HIGH |
 | Integrity: HIGH |
 | Availability: HIGH |
References:
Resource Id | Reference |
---|---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:85612 |