Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-16795 | APP3310 | SV-17795r1_rule | IAIA-1 | High |
Description |
---|
Passwords being displayed in clear text can be easily seen by casual observers. Password masking should be employed so any casual observers cannot see passwords on the screen as they are being typed. |
STIG | Date |
---|---|
Application Security and Development Checklist | 2014-04-03 |
Check Text (C-17790r1_chk) |
---|
Ask the application representative to log in to the application. If the application uses password authentication, the password should not be displayed as clear text. 1) If the password is displayed as clear text, this is a finding. |
Fix Text (F-17022r1_fix) |
---|
Use password masking to prevent the display of clear text passwords. |