The "remember password" for internet e-mail accounts must be disabled.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-17587	DTOO237 - Outlook	SV-33524r1_rule		Medium

Description
As a security precaution, password caching for eMail Internet protocols such as POP3 or IMAP may lead to password discovery and eventually to data loss. An attacker that is able to access the users' profile may be able to acquire these cached passwords, they could then use this information to compromise the users' email accounts and other systems that use the same credentials.

STIG	Date
Microsoft Outlook 2010 STIG	2018-04-04

Details

Check Text ( C-34011r1_chk )
The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security “Disable ‘Remember password’ for Internet e-mail accounts” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security Criteria: If the value EnableRememberPwd is REG_DWORD = 0, this is not a finding.

Check Text ( C-34011r1_chk )

The policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security “Disable ‘Remember password’ for Internet e-mail accounts” must be set to “Enabled”.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\14.0\outlook\security

Criteria: If the value EnableRememberPwd is REG_DWORD = 0, this is not a finding.

Fix Text (F-29699r1_fix)
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2010 -> Security “Disable ‘Remember password’ for Internet e-mail accounts” to “Enabled”.