Windows Server 2022 Windows Remote Management (WinRM) service must not use Basic authentication.

An XCCDF Rule

Description

Basic authentication uses plain-text passwords that could be used to compromise a system. Disabling Basic authentication will reduce this potential.

ID: SV-254381r958510_rule
Version: WN22-CC-000500
Severity: High
References: CCI-000877
Updated: 6 days ago

Remediation Templates

Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Windows Remote Management (WinRM) >> WinRM Service >> Allow Basic authentication to "Disabled".