Use of cleartext passwords in the Password Manager must be disabled

Part of DTBC0010 - Disable cleartext passwords in Password Manager

Associated with IA controls: ECSC-1

Associated with: CCI-001588

SV-47044r1_rule Use of cleartext passwords in the Password Manager must be disabled

Vulnerability discussion

Cleartext passwords would allow another individual to see password via shouldersurfing."Controls whether the user may show passwords in clear text in the password manager. If you disable this setting, the password manager does not allow showing stored passwords in clear text in the password manager window. If you enable or do not set this policy, users can view their passwords in clear text in the password manager.." - Google Chrome Administrators Policy List

Check content

Fix text

Valid for Chrome Browser version 8 or later. Windows registry: Key Path: HKLM\Software\Policies\Google\Chrome\ Value Name: PasswordManagerAllowShowPasswords Value Type: Boolean (REG_DWORD) Value Data: 0 Windows group policy: Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Password manager\ Policy Name: Allow users to show passwords in Password Manager Policy State: Disabled Policy Value: N/A

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.