CredSSP is used within remote desktop (rdp) connections ...

how to check the CredSSP (Credential Security Support Provider) encryption oracle setting?

command prompt - with administrative privileges:
reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters /v AllowEncryptionOracle

Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters' -Name AllowEncryptionOracle

Here is what the different values for AllowEncryptionOracle mean:
0 (Force Updated Clients): Only updated clients (with the CredSSP update) can connect.
1 (Mitigated): Clients without the update can connect, but without CredSSP encryption (less secure).
2 (Vulnerable): No protection, allowing any client to connect (least secure).

In this example, the AllowEncryptionOracle value is 0x2, which corresponds to 2 (Vulnerable).

If the setting is not present, it means the default configuration is being used, which typically corresponds to the most secure setting (i.e., only updated clients are allowed).

computer2know :: thank you for your visit :: have a nice day :: © 2024