5.1 Security Considerations for Implementors

The purpose of the CredSSP Protocol is to delegate a user's clear text password or PIN from the CredSSP client to a CredSSP server, so it is important to make certain that the server receiving the credentials does not fall under an attacker's control. Although trust in the server's identity can be established via public key infrastructure (PKI), the Kerberos protocol, or NTLM, authenticating the server does not by itself mean that the target server is trusted with the user's credentials, and additional policy settings should be considered.

Additional policy settings can include defining the servers that are trusted with the user's credentials, the security strength of the authentication mechanisms allowed to be negotiated under SPNEGO [MS-SPNG], and the allowed methods by which the CredSSP client can obtain the user's credentials.

A major revision has been applied to the protocol in version 5 for improved security. Implementors are advised to support version 5 or higher only.
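The following is an added illustration, not part of the protocol specification, of how a CredSSP client might enforce the policy settings described above (trusted servers, minimum SPNEGO mechanism strength, permitted credential source) together with the version 5 minimum before releasing a clear-text credential. The SPN patterns, the mechanism ranking, and the credential-source labels ("fresh", "saved", "default") are assumptions of this example.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

# Relative strength of mechanisms SPNEGO may negotiate beneath CredSSP.
# This ranking is an assumption of the example (NTLM weakest, Kerberos strongest).
MECH_STRENGTH = {"NTLM": 1, "Kerberos": 2}


@dataclass
class DelegationPolicy:
    # fnmatch-style SPN patterns of servers trusted with the user's credentials,
    # e.g. "TERMSRV/*.corp.example" (constructed sample value).
    allowed_spns: list[str]
    # Weakest SPNEGO mechanism under which delegation is still permitted.
    min_mech: str = "Kerberos"
    # Lowest CredSSP protocol version the client will negotiate.
    min_version: int = 5
    # How the client may have obtained the credential (hypothetical labels).
    allowed_sources: frozenset[str] = frozenset({"fresh"})


def delegation_allowed(policy, target_spn, mech, version, cred_source):
    """Decide whether the clear-text credential may be sent to target_spn.

    Returns (allowed, reason); every check must pass before delegation.
    """
    if version < policy.min_version:
        return False, f"CredSSP version {version} below required {policy.min_version}"
    if MECH_STRENGTH.get(mech, 0) < MECH_STRENGTH[policy.min_mech]:
        return False, f"mechanism {mech} weaker than policy minimum {policy.min_mech}"
    if cred_source not in policy.allowed_sources:
        return False, f"credential source {cred_source!r} not permitted by policy"
    # Case-insensitive match against the trusted-server list; an authenticated
    # but unlisted server is still refused the credential.
    if not any(fnmatchcase(target_spn.upper(), p.upper()) for p in policy.allowed_spns):
        return False, f"server {target_spn} is not on the trusted-delegation list"
    return True, "ok"


if __name__ == "__main__":
    pol = DelegationPolicy(allowed_spns=["TERMSRV/*.corp.example"])  # constructed
    for args in [("TERMSRV/rds01.corp.example", "Kerberos", 6, "fresh"),
                 ("TERMSRV/rds01.corp.example", "NTLM", 6, "fresh"),
                 ("TERMSRV/rds01.corp.example", "Kerberos", 4, "fresh"),
                 ("TERMSRV/rogue.example.net", "Kerberos", 6, "fresh")]:
        print(args, "->", delegation_allowed(pol, *args))
```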