UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Password Manager must be disabled


Overview

Finding ID Version Rule ID IA Controls Severity
V-35758 DTBC-0011 SV-47045r2_rule ECSC-1 Medium
Description
"Enables saving passwords and using saved passwords in Google Chrome. If you enable this setting, users can have Google Chrome memorize passwords and provide them automatically the next time they log in to a site. If you disable this setting, users are not able to save passwords or use already saved passwords. If you enable or disable this setting, users cannot change or override this setting in Google Chrome. If this policy is left not set, this will be enabled but the user will be able to change it." - Google Chrome Administrators Policy List Password manager should not be used as it stores passwords locally.
STIG Date
Google Chrome v24 Windows Benchmark 2013-03-07

Details

Check Text ( http://oval.mitre.org/XMLSchema/oval-definitions-5 )
Universal method (Requires Chrome Browser v15 or later):
1. In the omnibox (address bar) type chrome://policy
2. If PasswordManagerEnabled is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding.

Windows method:
1. Start regedit
2. Navigate to HKLM\Software\Policies\Google\Chrome\
3. If the PasswordManagerEnabled value name does not exist or its value data is not set to 0, then this is a finding.
Fix Text (F-40304r1_fix)
Valid for Chrome Browser version 8 or later.

Windows registry:
Key Path: HKLM\Software\Policies\Google\Chrome\
Value Name: PasswordManagerEnabled
Value Type: Boolean (REG_DWORD)
Value Data: 0

Windows group policy:
Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Password Manager\
Policy Name: Enable the password manager
Policy State: Disabled
Policy Value: N/A