UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The HTTPS warning page must not be able to be bypassed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-235757 EDGE-00-000044 SV-235757r626523_rule Medium
Description
Microsoft Edge shows a warning page when users visit sites that have SSL errors. If this policy is enabled or not configured (default), users can click through these warning pages. If this policy is disabled, users are blocked from clicking through any warning page.
STIG Date
Microsoft Edge Security Technical Implementation Guide 2021-02-16

Details

Check Text ( C-38976r626467_chk )
The policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Allow users to proceed from the HTTPS warning page" must be set to "disabled".

Use the Windows Registry Editor to navigate to the following key:
HKLM\SOFTWARE\Policies\Microsoft\Edge

If the value for "SSLErrorOverrideAllowed" is not set to "REG_DWORD = 0", this is a finding.
Fix Text (F-38939r626468_fix)
Set the policy value for "Computer Configuration/Administrative Templates/Microsoft Edge/Allow users to proceed from the HTTPS warning page" to "disabled".