Showing 1 of 1 findings
(filtered)
View Documentation Status (90 tracked)
| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-228417 | CAT II | MONT-MB-002 | Microsoft Exchange 2016 Mailbox Server S... | Exchange must have forms-based authentication disa... | - | |||
Check TextOpen the Exchange Management Shell and enter the following command: Get-OwaVirtualDirectory | Select ServerName, Name, Identity, FormsAuthentication If the value of "FormsAuthentication" is not set to "False", this is a finding. Fix TextOpen the Exchange Management Shell and enter the following command: Set-OwaVirtualDirectory -Identity <'IdentityName'> -FormsAuthentication $false Note: <IdentityName> must be in single quotes. Example for the Identity Name: <ServerName>\owa (Default website) Restart the ISS service. Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be OPEN on 10/23/2025 ResultHash: 4EA59F616166BD941B5943C6CD5AE4C5B913F7ED ~~~~~ MONT-MB-002 FormsAuthentication: True [Expected False]
Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_MSExchange2016MB_V2R6_20251023-152357.ckl
Scan Date: 2026-01-14T12:57:33.455034
Technology Area: Exchange Server
|
||||||||