Internet Explorer Development Tools Must Be Disabled.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-97527	DTBI1130-IE11	SV-106631r1_rule		Low

Description
Information needed by an attacker to begin looking for possible vulnerabilities in a web browser includes any information about the web browser and plug-ins or modules being used. When debugging or trace information is enabled in a production web browser, information about the web browser, such as web browser type, version, patches installed, plug-ins and modules installed, type of code being used by the hosted application, and any back-ends being used for data storage may be displayed. Since this information may be placed in logs and general messages during normal operation of the web browser, an attacker does not need to cause an error condition to gain this information.

Description

Information needed by an attacker to begin looking for possible vulnerabilities in a web browser includes any information about the web browser and plug-ins or modules being used. When debugging or trace information is enabled in a production web browser, information about the web browser, such as web browser type, version, patches installed, plug-ins and modules installed, type of code being used by the hosted application, and any back-ends being used for data storage may be displayed. Since this information may be placed in logs and general messages during normal operation of the web browser, an attacker does not need to cause an error condition to gain this information.

STIG	Date
Microsoft Internet Explorer 11 Security Technical Implementation Guide	2019-09-23

Details

Check Text ( C-96363r1_chk )
The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Toolbars >> “Turn off Developer Tools” must be “Enabled”, and “Disable” selected from the drop-down box. Procedure: Use the Windows Registry Editor to navigate to the following key: HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\IEDevTools Criteria: If the value "Disabled" is REG_DWORD = 1, this is not a finding.

Check Text ( C-96363r1_chk )

The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Toolbars >> “Turn off Developer Tools” must be “Enabled”, and “Disable” selected from the drop-down box.
Procedure: Use the Windows Registry Editor to navigate to the following key: HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\IEDevTools
Criteria: If the value "Disabled" is REG_DWORD = 1, this is not a finding.

Fix Text (F-103205r1_fix)
Set the policy value for Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Toolbars >> “Turn off Developer Tools” to “Enabled”, and select “Disable” from the drop-down box.