| VID |
28365 |
| Severity |
30 |
| Port |
135 |
| Protocol |
TCP |
| Class |
WMI |
| Detailed Description |
Remote system's secure channel data setting is weak for security. This policy setting is determine the domain member to start signing or encrypting all secure channel traffic.
Authentication traffic can be protected from man-in-the-middle attacks, replay attacks, and other types of network attacks bye NetLogon Windows-based computers.
* Platforms Affected:
Microsoft Windows Any version |
| Recommendation |
1. Run> SECPOL.MSC > Local Policies> Security Options
2. 'Domain member: Digitally encrypt or sign secure channel data (always)' setting the value to 'Enabled'
3. 'Domain member: Digitally encrypt secure channel data (when possible)' setting the value to 'Enabled'
4. 'Domain member: Digitally sign secure channel data (when possible)' setting the value to 'Enabled' |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
