Skip to content

The remember password for internet e-mail accounts must be disabled.

An XCCDF Rule

Description

<VulnDiscussion>As a security precaution, password caching for email Internet protocols such as POP3 or IMAP may lead to password discovery and eventually to data loss. An attacker that is able to access the users' profile may be able to acquire these cached passwords; they could then use this information to compromise the users' email accounts and other systems that use the same credentials.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility>System Administrator</Responsibility><Responsibility>Information Assurance Officer</Responsibility><IAControls></IAControls>

ID
SV-53923r1_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Set the policy value for User Configuration -> Administrative Templates -> Microsoft Outlook 2013 -> Security "Disable 'Remember password' for Internet e-mail accounts" to "Enabled".