Redirection behavior for upgraded web sites by SharePoint must be blocked.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-17576	DTOO157 - InfoPath	SV-33657r1_rule		Medium

Description
InfoPath automatically redirects user requests for sites that have not been upgraded to the temporary URL if it is located on the local intranet, but blocks them if the temporary URL is located elsewhere. InfoPath will prompt users before redirecting forms or form templates to another intranet site. If this restriction is relaxed, all requests to sites that have not been upgraded will be redirected to their targets, regardless of location. This functionality could cause requests made to a secure site to be redirected to an unsecured one (for example, requests to an intranet site could be redirected to an unencrypted Internet site), causing sensitive information to be at risk.

Description

InfoPath automatically redirects user requests for sites that have not been upgraded to the temporary URL if it is located on the local intranet, but blocks them if the temporary URL is located elsewhere. InfoPath will prompt users before redirecting forms or form templates to another intranet site. If this restriction is relaxed, all requests to sites that have not been upgraded will be redirected to their targets, regardless of location. This functionality could cause requests made to a secure site to be redirected to an unsecured one (for example, requests to an intranet site could be redirected to an unencrypted Internet site), causing sensitive information to be at risk.

STIG	Date
Microsoft InfoPath 2010 STIG	2018-04-03

Details

Check Text ( C-34118r1_chk )
The policy value for User Configuration -> Administrative Templates -> Microsoft InfoPath 2010 -> Security -> “Control behavior for Microsoft SharePoint Foundation gradual upgrade” must be set to “Enabled (Block all redirections)”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\infoPath\security Criteria: If the value GradualUpgradeRedirection is REG_DWORD = 2, this is not a finding.

Check Text ( C-34118r1_chk )

The policy value for User Configuration -> Administrative Templates -> Microsoft InfoPath 2010 -> Security -> “Control behavior for Microsoft SharePoint Foundation gradual upgrade” must be set to “Enabled (Block all redirections)”.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\14.0\infoPath\security

Criteria: If the value GradualUpgradeRedirection is REG_DWORD = 2, this is not a finding.

Fix Text (F-29798r1_fix)
Set the policy value for User Configuration -> Administrative Templates -> Microsoft InfoPath 2010 -> Security -> “Control behavior for Microsoft SharePoint Foundation gradual upgrade” to “Enabled (Block all redirections)”.