Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-40776 | DTOO420 | SV-52834r1_rule | | Medium |
Description |
---|
Lync 2013 provides a single, unified client for real-time communications, including voice and video calls, Lync Meetings, presence, instant messaging, and persistent chat. These features require the ability to log into the service with a username and password. The Lync client could be configured to store user passwords locally, which would leave the stored passwords susceptible to compromise and malicious use. |
STIG | Date |
---|---|
Microsoft Lync 2013 STIG | 2018-04-04 |
Check Text ( C-47151r1_chk ) |
---|
Verify the policy value for Computer Configuration -> Administrative Templates -> Microsoft Lync 2013 -> Microsoft Lync Feature Policies "Allow storage of user passwords" is set to "Disabled". Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\office\15.0\lync Criteria: If the value savepassword is REG_DWORD = 0, this is not a finding. |
Fix Text (F-45760r1_fix) |
---|
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Lync 2013 -> Microsoft Lync Feature Policies "Allow storage of user passwords" to "Disabled". |
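
The check above can be scripted. The following PowerShell is an added example, not part of the STIG: the function name and output fields are hypothetical, and it assumes that anything other than `savepassword` being REG_DWORD = 0 (including a missing key or value, or a wrong value type) is reported as a finding.

```powershell
# Added example: audits the criterion "savepassword is REG_DWORD = 0".
# Key path and value name come from the check text; everything else is illustrative.
function Test-LyncSavePasswordPolicy {
    [CmdletBinding()]
    param(
        [string]$KeyPath   = 'HKLM:\Software\Policies\Microsoft\office\15.0\lync',
        [string]$ValueName = 'savepassword'
    )

    $result = [ordered]@{
        KeyPath   = $KeyPath
        ValueName = $ValueName
        Kind      = $null
        Data      = $null
        Finding   = $true     # assume a finding until the criterion is met
        Reason    = $null
    }

    # A missing key means the policy was never configured.
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if ($null -eq $key) {
        $result.Reason = 'Policy key does not exist (policy not configured).'
        return [pscustomobject]$result
    }

    # Registry value names are case-insensitive, as is -notcontains.
    if ($key.GetValueNames() -notcontains $ValueName) {
        $result.Reason = 'Value is not present (policy not configured).'
        return [pscustomobject]$result
    }

    $result.Kind = $key.GetValueKind($ValueName)
    $result.Data = $key.GetValue($ValueName)

    # The criterion names both the type and the data, so check both.
    if ($result.Kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        $result.Reason = "Value type is $($result.Kind), not REG_DWORD."
    } elseif ($result.Data -ne 0) {
        $result.Reason = "Value is $($result.Data); password storage is not disabled."
    } else {
        $result.Finding = $false
        $result.Reason  = 'savepassword is REG_DWORD = 0.'
    }
    [pscustomobject]$result
}

Test-LyncSavePasswordPolicy
```

Running it again after applying the fix text and refreshing Group Policy confirms that the setting reached the registry.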