Use of cleartext passwords in the Password Manager must be disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-44739 | DTBC-0010 | SV-57573r1_rule | Medium |
| Description |
|---|
| Cleartext passwords would allow another individual to see password via shoulder surfing. This policy controls whether the user may show passwords in clear text in the password manager. If you disable this setting, the password manager does not allow showing stored passwords in clear text in the password manager window. By not configuring this policy, users can view their stored passwords in clear text in the password manager. |
| STIG | Date |
|---|---|
| Google Chrome Current Windows STIG | 2014-07-08 |
Details
| Check Text ( C-49523r2_chk ) |
|---|
| Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If PasswordManagerAllowShowPasswords is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the PasswordManagerAllowShowPasswords value name does not exist or its value data is not set to 0, then this is a finding. |
| Fix Text (F-49831r3_fix) |
|---|
| Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Password manager\ Policy Name: Allow users to show passwords in Password Manager Policy State: Disabled Policy Value: N/A |