Vulnerability Details

Microsoft Windows: MS Security Guide: WDigest Authentication

Published: 2018-06-15 09:51:43

CVSS Base Vector:
AV:L/AC:H/Au:S/C:N/I:N/A:N

Report Confidence:
97

Summary:
This test checks the setting for policy 'WDigest Authenticationr' on Windows hosts (at least Windows 7). When WDigest authentication is enabled, Lsass.exe retains a copy of the users plaintext password in memory, where it can be at risk of theft. Microsoft recommends disabling WDigest authentication unless it is needed. If this setting is not configured, WDigest authentication is disabled in Windows 8.1 and in Windows Server 2012 R2 it is enabled by default in earlier versions of Windows and Windows Server.

Severity
Detection Plugin
CVSS Score
0.0
Published
2018-06-15
Modified
2018-08-06
Category
Policy

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.