STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Microsoft Windows Server 2025 Security Technical Implementation Guide

V-278212

CAT II (Medium)

Windows Server 2025 unencrypted passwords must not be sent to third-party Server Message Block (SMB) servers.

Rule ID

SV-278212r1181342_rule

STIG

Microsoft Windows Server 2025 Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000197

Discussion

Some non-Microsoft SMB servers only support unencrypted (plain-text) password authentication. Sending plain-text passwords across the network when authenticating to an SMB server reduces the overall security of the environment. Check with the vendor of the SMB server to determine if there is a way to support encrypted password authentication.

Check Content

If the following registry value does not exist or is not configured as specified, this is a finding:

Registry HiveHKEY_LOCAL_MACHINE
Registry Path\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\

Value NameEnablePlainTextPassword

Value TypeREG_DWORD
Value0x00000000 (0)

Fix Text

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> Microsoft Network Client: Send unencrypted password to third-party SMB servers to "Disabled".