Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-35759 | DTBC-0012 | SV-47046r2_rule | ECSC-1 | Medium |
Description |
---|
"Specifies which HTTP Authentication schemes are supported by Google Chrome. Possible values are 'basic', 'digest', 'ntlm' and 'negotiate'. Separate multiple values with commas. If this policy is left not set, all four schemes will be used." - Google Chrome Administrators Policy List |
STIG | Date |
---|---|
Google Chrome v24 Windows Benchmark | 2013-03-07 |
Check Text ( http://oval.mitre.org/XMLSchema/oval-definitions-5 ) |
---|
Universal method (Requires Chrome Browser v15 or later): 1. In the omnibox (address bar) type chrome://policy 2. If AuthSchemes is not displayed under the Policy Name column or it is not set to negotiate under the Policy Value column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome 3. If the AuthSchemes value name does not exist or its value data is not set to negotiate, then this is a finding. |
Fix Text (F-40305r1_fix) |
---|
Valid for Chrome Browser version 9 or later. Windows registry: Key Path: HKLM\Software\Policies\Google\Chrome\ Value Name: AuthSchemes Value Type: String (REG_SZ) Value Data: negotiate Windows group policy: Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Policies for HTTP Authentication\ Policy Name: Supported authentication schemes Policy State: Enabled Policy Value: negotiate |