UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IAO will ensure default passwords are changed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6134 APP6260 SV-6134r1_rule IAIA-1 High
Description
Default passwords can easily be compromised by attackers allowing immediate access to the applications.
STIG Date
Application Security and Development Checklist 2014-01-07

Details

Check Text ( C-3052r1_chk )
Run a password-cracking tool, if available, on a copy of each account database (there may be more than one in the application infrastructure).

1) If the password-cracking tool is able to crack the password of a privileged user, this is a CAT I finding.

2) If the password-cracking tool is able to crack the password of a non-privileged user, this is a CAT II finding.

Manually attempt to authenticate with the published default password for that account, if such a default password exists.

3) If any privileged built-in account uses a default password – no matter how complex – this is a CAT I finding.

4) If a non-privileged account has a default password, this is a CAT II finding.
Fix Text (F-4426r1_fix)
Change default passwords.