PingSentry   |   Discord   |   System32   |   GitHub   |   Free tools

Remote Management: Windows Remote Management (WinRM) client must not use Digest authentication

1a0eb6a5-9009-4dc3-b12f-bed65052c49d

Digest authentication is not as strong as other options and may be subject to man-in-the-middle attacks. Disallowing Digest authentication will reduce this potential.

Remediation

To fix this configure the policy value for
Computer Configuration
|_ Administrative Templates
|_ Windows Components
|_ Windows Remote Management (WinRM)
|_ WinRM Client
|_ Disallow Digest authentication = "Enabled"

STIG
Server
2022: https://stigviewer.com/stigs/microsoft_windows_server_2022/2023-09-11/finding/V-254380
2019: https://stigviewer.com/stigs/microsoft_windows_server_2019/2023-09-11/finding/V-205712

Desktop
W11: https://stigviewer.com/stigs/microsoft_windows_11/2023-09-29/finding/V-253421
W10: https://stigviewer.com/stigs/microsoft_windows_10/2023-09-29/finding/V-220868

Nist 800-53: CM-1, CM-2, CM-6, CM-7, CM-7(1), CM-9, SA-3, SA-8, SA-10
Nist 800-171A: 3.4.8[a]
CSCv7|: 6.5
Vul ID: V-205712
Rule ID: SV-205712r569188_rule
STIG ID: WN19-CC-000490
Severity: CAT II
Owasp Top10: A05:2021
PCI-DSS v3.2: 1.1.5
PCI-DSS v4.0: 2.1, 8.5



Tags

compliance-desktop compliance-server desktop server security-server security-desktop stig-medium-desktop stig-medium-server cis-csc-desktop cis-csc-server nist800-53-desktop nist800-53-server nist800-171-desktop nist800-171-server pci-dss-v4-desktop pci-dss-v4-server pci-dss-v3.2-desktop pci-dss-v3.2-server

Your Privacy Choices

Manage your cookie preferences below:

Helps us improve website performance and understand how visitors use our site.

Allows us to collect feedback about our products and improve them based on your input.

To learn more about our use of cookies, please see our
Privacy Policy.