Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-6131 | APP3380 | SV-6131r1_rule | IAIA-1 | Medium |
Description |
---|
Duplicate user accounts can create a situation where multiple users are mapped to a single account. These duplicate user accounts may allow users to assume other users' roles and may lead to privilege escalation. If user IDs are not unique and individual, user activity may not be accurately audited and unauthorized activity may not be seen by the audit system. |
STIG | Date |
---|---|
Application Security and Development Checklist | 2014-01-07 |
Check Text (C-2945r1_chk) |
---|
If the user accounts used in the application are only operating system or database accounts, this check is Not Applicable. Identify duplicate user IDs. If these are not available, sort the list by the user name and, if applicable, associated ID number so that duplicates will be contiguous and thus easier to locate. 1) If any duplicate user accounts are discovered, it is a finding. The finding details should specify the duplicates by name, unless they are too numerous to document, in which case a numerical count of the IDs is more appropriate. |
Fix Text (F-17029r1_fix) |
---|
Remove duplicate user accounts. |
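
One way to automate the check text above over an exported account list, as an added example that is not part of the STIG. The CSV column names (`username`, `user_id`), the sample rows, the `max_named` threshold and the choice to compare names case-insensitively are all assumptions.

```python
import csv
import io
import unicodedata
from collections import defaultdict

# Constructed sample export; the column names (username, user_id) are assumptions.
SAMPLE_EXPORT = """username,user_id
jsmith,1001
JSmith ,1044
mbrown,1002
akhan,1003
a.khan,1003
tlee,1005
"""

def normalize(value):
    """Fold case, width and surrounding whitespace so 'JSmith ' equals 'jsmith'."""
    return unicodedata.normalize("NFKC", value).strip().casefold()

def find_duplicates(export_text, max_named=25):
    """Group accounts by normalized user name and by ID number; report groups > 1."""
    by_name, by_id = defaultdict(list), defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        by_name[normalize(row["username"])].append(row["username"])
        if row.get("user_id"):  # the ID number is optional ("if applicable")
            by_id[normalize(row["user_id"])].append(row["username"])
    # Sorted keys keep duplicates contiguous, as the check text suggests.
    dup_names = {k: v for k, v in sorted(by_name.items()) if len(v) > 1}
    dup_ids = {k: v for k, v in sorted(by_id.items()) if len(v) > 1}
    total = len(dup_names) + len(dup_ids)  # number of duplicated names plus shared IDs
    too_many = total > max_named           # hypothetical cut-off for "too numerous"
    return {
        "finding": total > 0,
        "count": total,
        # Name the duplicates unless there are too many to document.
        "duplicate_names": None if too_many else dup_names,
        "shared_ids": None if too_many else dup_ids,
    }

if __name__ == "__main__":
    print(find_duplicates(SAMPLE_EXPORT))
```

A plain sort would not place `jsmith` and `JSmith ` next to each other reliably, and would never surface two different names sharing ID `1003`; grouping on the normalized key catches both.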