71ebd815-0ca9-44c9-b7b8-c96e155e7afb
Storing passwords using reversible encryption is essentially the same as storing clear-text versions of the passwords, which are easily compromised. For this reason, this policy must never be enabled.
To fix this, configure the policy value for:
Computer Configuration
|_ Windows Settings
   |_ Security Settings
      |_ Account Policies
         |_ Password Policy
and set "Store passwords using reversible encryption" to "Disabled".
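An added check, not part of the original finding: the PowerShell below reads the effective local value from a secedit export (ClearTextPassword in the [System Access] section, where 0 means Disabled). Where the ActiveDirectory module is installed it also reports the default domain and fine-grained password policies, which goes beyond the local setting described above. The function name Get-ReversibleEncryptionSetting is hypothetical.

```powershell
# Added example: audit "Store passwords using reversible encryption".
# Run from an elevated prompt; secedit needs administrator rights.

function Get-ReversibleEncryptionSetting {
    # Export the effective local security policy and return ClearTextPassword
    # from [System Access] as an integer (0 = Disabled, 1 = Enabled).
    $cfg = Join-Path $env:TEMP ("secpol-{0}.inf" -f [guid]::NewGuid())
    try {
        secedit.exe /export /cfg $cfg /areas SECURITYPOLICY /quiet | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "secedit export failed with exit code $LASTEXITCODE"
        }
        # The export is a Unicode .inf file; Select-String honours its BOM.
        $hit = Select-String -Path $cfg -Pattern '^\s*ClearTextPassword\s*=\s*(\d+)' |
               Select-Object -First 1
        if (-not $hit) { throw 'ClearTextPassword not found in exported policy' }
        [int]$hit.Matches[0].Groups[1].Value
    }
    finally {
        # The export describes local security settings; do not leave it in TEMP.
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

$value = Get-ReversibleEncryptionSetting
if ($value -eq 0) {
    Write-Output 'PASS: reversible encryption is Disabled in the effective local policy.'
} else {
    Write-Output "FAIL: ClearTextPassword = $value (expected 0)."
}

# Domain-joined hosts with RSAT: the same setting in the default domain policy
# and in any fine-grained password policy (PSO) that could override it.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    Get-ADDefaultDomainPasswordPolicy |
        Select-Object DistinguishedName, ReversibleEncryptionEnabled
    Get-ADFineGrainedPasswordPolicy -Filter * |
        Select-Object Name, Precedence, ReversibleEncryptionEnabled
}
```

Any row with ReversibleEncryptionEnabled set to True, or a local value other than 0, is a finding under the checks listed below.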
STIG:
Server:
2022: https://www.stigviewer.com/stig/microsoft_windows_server_2022/2022-08-25/finding/V-254293
2019: https://www.stigviewer.com/stig/microsoft_windows_server_2019/2022-09-06/finding/V-205653 / https://www.stigviewer.com/stig/windows_server_2019/2020-06-15/finding/V-93465
2016: https://www.stigviewer.com/stig/microsoft_windows_server_2016/2022-09-06/finding/V-224874 / https://www.stigviewer.com/stig/windows_server_2016/2020-06-16/finding/V-73325
Desktop:
W11: https://www.stigviewer.com/stig/microsoft_windows_11/2022-08-31/finding/V-253305
W10: https://www.stigviewer.com/stig/microsoft_windows_10/2022-04-08/finding/V-220747 / https://www.stigviewer.com/stig/windows_10/2021-08-18/finding/V-220747
MITRE ATT&CK: https://attack.mitre.org/tactics/TA0003/
NIST 800-53: CM-6b. A-2, IA-5(13)
CCE: CCE-85419-0
CCI: CCI-000366
STIG-ID: APPL-11-002066
MITRE: TA0003
More info: https://4sysops.com/archives/active-directory-passwords-all-you-need-to-know/