Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-56421 | WINCC-000147 | SV-70677r1_rule | ECSC-1 | Low |
Description |
---|
The touch keyboard or input panel may highlight keys as passwords are entered, providing visibility to nearby persons, and compromising them. |
STIG | Date |
---|---|
Windows 7 Security Technical Implementation Guide | 2016-12-19 |
Check Text ( C-56977r1_chk ) |
---|
If the system does not have a touch screen, this is NA. If the system has a touch screen and the following registry values do not exist or are not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry path: \SOFTWARE\Policies\Microsoft\TabletTip\1.7\ Value Name: PasswordSecurityState Type: REG_DWORD Value: 1 Value Name: PasswordSecurity Type: REG_DWORD Value: 4 or 5 (1, 2, or 3 are a finding) |
Fix Text (F-61303r1_fix) |
---|
If the system does not have a touch screen, this is NA. Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Tablet PC -> Input Panel -> "Turn off password security in Input Panel" to at least "Enabled: Medium High". |