UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The ability of Lync to store user passwords must be disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-40776 DTOO420 SV-52834r1_rule Medium
Description
Lync 2013 provides a single, unified client for real-time communications, including voice and video calls, Lync Meetings, presence, instant messaging, and persistent chat. These features require the ability to log into the service with a username and password. The Lync client could potentially be configured to store user passwords locally which would allow it to be susceptible to compromise and to be used maliciously.
STIG Date
Microsoft Lync 2013 STIG 2015-04-13

Details

Check Text ( None )
None
Fix Text (F-45760r1_fix)
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Lync 2013 -> Microsoft Lync Feature Policies "Allow storage of user passwords" to "Disabled".