Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-35757 | DTBC-0010 | SV-47044r2_rule | ECSC-1 | High |
Description |
---|
Cleartext passwords would allow another individual to see password via shouldersurfing. "Controls whether the user may show passwords in clear text in the password manager. If you disable this setting, the password manager does not allow showing stored passwords in clear text in the password manager window. If you enable or do not set this policy, users can view their passwords in clear text in the password manager.." - Google Chrome Administrators Policy List |
STIG | Date |
---|---|
Google Chrome v24 Windows Benchmark | 2013-03-07 |
Check Text ( http://oval.mitre.org/XMLSchema/oval-definitions-5 ) |
---|
Universal method (Requires Chrome Browser v15 or later): 1. In the omnibox (address bar) type chrome://policy 2. If PasswordManagerAllowShowPasswords is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the PasswordManagerAllowShowPasswords value name does not exist or its value data is not set to 0, then this is a finding. |
Fix Text (F-40303r1_fix) |
---|
Valid for Chrome Browser version 8 or later. Windows registry: Key Path: HKLM\Software\Policies\Google\Chrome\ Value Name: PasswordManagerAllowShowPasswords Value Type: Boolean (REG_DWORD) Value Data: 0 Windows group policy: Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Password manager\ Policy Name: Allow users to show passwords in Password Manager Policy State: Disabled Policy Value: N/A |