
The web server, although started by superuser or privileged account, is not run using a non-privileged account.


Overview

Finding ID: V-13619
Version: WG275
Rule ID: SV-14201r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Running the web server with excessive privileges presents an increased risk to the web server. In the event the web server’s services are compromised, the context by which the web server is running will determine the amount of damage that may be caused by the attacker. If the web server is run as an administrator or as an equivalent account, the attacker will gain administrative access through the web server. If, on the other hand, the web server is running with least privilege required to function, the capabilities of the attacker will be greatly decreased.
STIG: IIS 7.0 Server STIG
Date: 2019-03-22

Details

Check Text ( C-30004r1_chk )
The reviewer will need to determine which account the web server is using to run and determine the privileges that account has. If the account has administrative or superuser privilege, the SA will need to provide justification showing that this type of account is necessary for the function and operation of the web server.

Right-click on My Computer and select Manage.
Then select Local Users and Groups.

Examine the account that is used to run the web server and determine its group affiliations.

If the account is a member of a privileged group such as Administrators, and the web server is running with this account, this is a finding.

If the web server is being run with excessive privileges, this is a finding.
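
The check above can be scripted for triage. The following PowerShell is an added example, not part of the STIG text: it lists each IIS application pool's identity and flags pools that run as LocalSystem or as an account that is a direct member of the local Administrators group. It assumes the WebAdministration provider is installed and that the application pool identity is the account of interest; the output column names are chosen for this example.

```powershell
# Added example, not part of the STIG. Run from an elevated PowerShell session.
# Assumption: the WebAdministration module is available; on hosts where it is
# installed as a snap-in, load it with Add-PSSnapin WebAdministration instead.
Import-Module WebAdministration

# Resolve the local Administrators group by its well-known SID so the lookup
# also works on non-English installations.
$sid       = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$groupName = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]

# Direct members only; an account that is an administrator through a nested
# group is not detected here and still needs the manual review.
$group  = [ADSI]"WinNT://$env:COMPUTERNAME/$groupName,group"
$admins = @($group.psbase.Invoke('Members')) | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
}

Get-ChildItem IIS:\AppPools | ForEach-Object {
    $type = [string]$_.processModel.identityType
    $user = [string]$_.processModel.userName

    if ($type -eq 'LocalSystem') {
        # LocalSystem is equivalent to an administrative account.
        $account    = 'NT AUTHORITY\SYSTEM'
        $privileged = $true
    }
    elseif ($type -eq 'SpecificUser') {
        $account = $user
        # Compare on the bare account name (after DOMAIN\ or before @domain).
        $leaf       = ($user -split '\\')[-1] -replace '@.*$', ''
        $privileged = $admins -contains $leaf
    }
    else {
        # LocalService, NetworkService, ApplicationPoolIdentity
        $account    = $type
        $privileged = $false
    }

    New-Object PSObject -Property @{
        AppPool    = $_.Name
        Account    = $account
        Privileged = $privileged
        # 'Review' means no admin membership was found, not that the pool passes.
        Result     = $(if ($privileged) { 'Finding' } else { 'Review' })
    }
} | Format-Table AppPool, Account, Privileged, Result -AutoSize
```

A pool marked Review still needs the account's other privileges examined, since the script looks only at Administrators membership.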
Fix Text (F-13070r1_fix)
The site needs to configure the web server to run using a non-privileged account.