Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-40776 | DTOO420 | SV-52834r1_rule | Medium |
Description |
---|
Lync 2013 provides a single, unified client for real-time communications, including voice and video calls, Lync Meetings, presence, instant messaging, and persistent chat. These features require the ability to log into the service with a username and password. The Lync client could potentially be configured to store user passwords locally which would allow it to be susceptible to compromise and to be used maliciously. |
STIG | Date |
---|---|
Microsoft Lync 2013 STIG | 2015-04-13 |
Check Text ( None ) |
---|
None |
Fix Text (F-45760r1_fix) |
---|
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Lync 2013 -> Microsoft Lync Feature Policies "Allow storage of user passwords" to "Disabled". |