Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Logon options must be configured and enforced (Restricted Sites zone).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-6311 | DTBI136 | SV-40619r1_rule | ECSC-1 | Medium |
| Description |
|---|
| Users could submit credentials to servers operated by malicious people who could then attempt to connect to legitimate servers with those captured credentials. Care must be taken with user credentials, automatic logon performance, and how default Windows credentials are passed to web sites. |
| STIG | Date |
|---|---|
| Internet Explorer 9 Security Technical Implementation Guide | 2014-01-08 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-34473r1_fix) |
|---|
| Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> "Logon options" to “Enabled” and select "Anonymous logon" from the drop-down box. |