The Designer will ensure the application removes temporary storage of files and cookies when the application is terminated.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-6163	APP3100	SV-6163r1_rule	ECRC-1	Medium

Description
If the application does not remove temporary data (e.g., authentication data, temporary files containing sensitive data, etc.) this temporary data could be used to re-authenticate the user or allow unauthorized access to sensitive data.

STIG	Date
Application Security and Development STIG	2014-04-03

Details

Check Text ( C-3046r1_chk )
Check application to ensure that memory is being released. Also ensure database connections are closed, if applicable. Ask the application representative to demonstrate memory and database connections are released when the application is terminated. 1) If memory is not released and the application is not using garbage collection process for memory (e.g., Java Applications), this is a finding. 2) If the application creates new database connections on entry to the application and does not release them on exit of the application, this is a finding. Ask the application representative to access the application, perform selected actions, and exit the application. Ask the application representative to search for files recently created. For a Windows System: Use Windows Explorer to search for all files (.) created today, and then examine the times to narrow the scope of the files to examine. For a Unix System: Enter: # touch -t 200301211020 /tmp/testdatefile The -t flag represents the time option. The time format to be used with -t is {[CC]YYMMDDhhmm[ss]} where the century [CC] and the seconds [ss] are optional fields. The resulting file is: -rw-r--r-- 1 root root 0 Jan 21 10:20 /tmp/testdatefile Enter a second command: # find / -newer /tmp/testdatefile --> This will produce all files on the system with a date later than that of 'testdatefile'. # find ./* -newer /tmp/testdatefile --> This will produce all files, recursively, in the current directory with a date later than that of 'testdatefile'. 3) If this list includes temporary files that are not being deleted by the application, this is a finding.

Check Text ( C-3046r1_chk )

Check application to ensure that memory is being released. Also ensure database connections are closed, if applicable. Ask the application representative to demonstrate memory and database connections are released when the application is terminated.

1) If memory is not released and the application is not using garbage collection process for memory (e.g., Java Applications), this is a finding.

2) If the application creates new database connections on entry to the application and does not release them on exit of the application, this is a finding.

Ask the application representative to access the application, perform selected actions, and exit the application. Ask the application representative to search for files recently created.

For a Windows System:
Use Windows Explorer to search for all files (*.*) created today, and then examine the times to narrow the scope of the files to examine.

For a Unix System:
Enter: # touch -t 200301211020 /tmp/testdatefile

The -t flag represents the time option. The time format to be used with -t is {[CC]YYMMDDhhmm[ss]} where the century [CC] and the seconds [ss] are optional fields.

The resulting file is:
-rw-r--r-- 1 root root 0 Jan 21 10:20 /tmp/testdatefile

Enter a second command:
# find / -newer /tmp/testdatefile --> This will produce all files on the system with a date later than that of 'testdatefile'.
# find ./* -newer /tmp/testdatefile --> This will produce all files, recursively, in the current directory with a date later than that of 'testdatefile'.

3) If this list includes temporary files that are not being deleted by the application, this is a finding.

Fix Text (F-16992r1_fix)
Configure or redesign the application to remove all temporary files before the application exits.