The ability of Lync to store user passwords must be disabled.
An XCCDF Rule
Description
Lync 2013 provides a single, unified client for real-time communications, including voice and video calls, Lync Meetings, presence, instant messaging, and persistent chat. These features require the ability to log into the service with a username and password. The Lync client could potentially be configured to store user passwords locally which would allow it to be susceptible to compromise and to be used maliciously.
| Property | Value |
|---|---|
| Responsibility | System Administrator |
- ID
- SV-52834r1_rule
- Version
- DTOO420
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Set the policy value for Computer Configuration -> Administrative Templates -> Microsoft Lync 2013 -> Microsoft Lync Feature Policies "Allow storage of user passwords" to "Disabled".