V-205713
SV-205713r958510_rule
CAT I
Windows Server 2019 Windows Remote Management (WinRM) service must not use Basic authentication.
From: Microsoft Windows Server 2019 Security Technical Implementation Guide (V3R8)
Description
<VulnDiscussion>Basic authentication uses plain-text passwords that could be used to compromise a system. Disabling Basic authentication will reduce this potential.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
Check Procedure
If the following registry value does not exist or is not configured as specified, this is a finding:
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\
Value Name: AllowBasic
Type: REG_DWORD
Value: 0x00000000 (0)
Fix Text
Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Windows Remote Management (WinRM) >> WinRM Service >> "Allow Basic authentication" to "Disabled".
CCI Reference
CCI-000877- Created
- 2026-04-07 20:08:25
- Last Updated
- 2026-04-07 20:08:25