Finding ID | Severity | Title | Description |
--- | --- | --- | --- |
V-246876 | Medium | The Horizon Client must not connect to servers without fully verifying the server certificate. | Preventing the disclosure of transmitted information requires that the application server take measures to employ some form of cryptographic mechanism in order to protect the information during... |
V-246877 | Medium | The Horizon Client must not show the Log in as current user option. | The Horizon Connection Server STIG disabled the "Log in as current user" option, for reasons described there. Displaying this option and allowing users to select it would lead to unnecessary... |
V-246875 | Medium | The Horizon Client must not send anonymized usage data. | By default, the Horizon Client collects anonymized data from the client systems to help improve software and hardware compatibility. To eliminate any possibility of sensitive DoD configurations... |
V-246878 | Medium | The Horizon Client must not ignore certificate revocation problems. | When the Horizon Client connects to the server, by default, the server TLS certificate will be validated on the client side. If the revocation status cannot be determined or if the certificate is... |
V-246879 | Medium | The Horizon Client must require TLS connections. | In older versions of Horizon, before 5.0, remote desktop connections could be established without TLS encryption. In order to protect data-in-transit when potentially connecting to very old... |
V-246881 | Medium | The Horizon Client must not allow command line credentials. | The Horizon Client has a number of command line options including authentication parameters, by default. This can include a smart card PIN, if so configured by the end user. This would normally be... |
V-246880 | Medium | The Horizon Client must use approved ciphers. | The Horizon Client disables the older TLS v1.0 protocol and the SSL v2 and SSL v3 protocols by default. TLS v1.1 is still enabled in the default configuration, despite known shortcomings, for the... |