
The IAO will ensure default passwords are changed.


Overview

Finding ID: V-6134
Version: APP6260
Rule ID: SV-6134r1_rule
IA Controls: IAIA-1
Severity: High
Description
Default passwords can easily be compromised by attackers, allowing immediate access to the applications.
STIG: Application Security and Development STIG
Date: 2014-04-03

Details

Check Text (C-3052r1_chk)
Run a password-cracking tool, if available, on a copy of each account database (there may be more than one in the application infrastructure).

1) If the password-cracking tool is able to crack the password of a privileged user, this is a CAT I finding.

2) If the password-cracking tool is able to crack the password of a non-privileged user, this is a CAT II finding.

Manually attempt to authenticate with the published default password for that account, if such a default password exists.

3) If any privileged built-in account uses a default password – no matter how complex – this is a CAT I finding.

4) If a non-privileged account has a default password, this is a CAT II finding.
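The default-password part of this check (items 3 and 4) can be automated against a copy of the account database. The following is an added example, not part of the STIG text: it assumes salted PBKDF2-HMAC-SHA256 password storage, and the account names, default passwords and record layout are constructed sample data.

```python
import hashlib
import hmac

ITERATIONS = 10_000  # assumed work factor for the constructed sample data

def pbkdf2(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier (assumed storage scheme, not from the STIG)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Constructed list of published defaults per built-in account (hypothetical values).
PUBLISHED_DEFAULTS = {
    "admin": ["admin", "changeme"],
    "sysop": ["Xk9#vT2!qLm8"],  # complex, but still a published default
    "guest": ["guest"],
    "report": ["report"],
}

def make_account(user: str, password: str, privileged: bool) -> dict:
    """Build one constructed account record for the sample database."""
    salt = hashlib.sha256(user.encode()).digest()[:16]  # fixed salt, sample data only
    return {"user": user, "salt": salt,
            "hash": pbkdf2(password, salt), "privileged": privileged}

# Constructed copy of an account database.
SAMPLE_ACCOUNTS = [
    make_account("admin", "changeme", True),
    make_account("sysop", "Xk9#vT2!qLm8", True),
    make_account("guest", "guest", False),
    make_account("report", "t7-Rotated-After-Install", False),
]

def audit_default_passwords(accounts, defaults):
    """Return (user, severity) for each account still using a published default.

    Severity follows the check text: privileged -> CAT I, non-privileged -> CAT II.
    """
    findings = []
    for acct in accounts:
        for candidate in defaults.get(acct["user"], []):
            if hmac.compare_digest(pbkdf2(candidate, acct["salt"]), acct["hash"]):
                severity = "CAT I" if acct["privileged"] else "CAT II"
                findings.append((acct["user"], severity))
                break  # one match is enough to record the finding
    return findings

if __name__ == "__main__":
    for user, severity in audit_default_passwords(SAMPLE_ACCOUNTS, PUBLISHED_DEFAULTS):
        print(f"{severity}: account '{user}' still uses a published default password")
```

The `sysop` record shows why item 3 says "no matter how complex": a strong-looking default would survive a generic cracking run but is still found by comparing against the published list.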
Fix Text (F-4426r1_fix)
Change default passwords.