
The designer will ensure the application does not display account passwords as clear text.


Overview

Finding ID: V-16795
Version: APP3310
Rule ID: SV-17795r1_rule
IA Controls: IAIA-1
Severity: High
Description
Passwords being displayed in clear text can be easily seen by casual observers. Password masking should be employed so any casual observers cannot see passwords on the screen as they are being typed.
STIG: Application Security and Development Checklist
Date: 2014-12-22

Details

Check Text (C-17790r1_chk)
Ask the application representative to log in to the application.

If the application uses password authentication, the password should not be displayed as clear text.

1) If the password is displayed as clear text, this is a finding.
Fix Text (F-17022r1_fix)
Use password masking to prevent the display of clear text passwords.
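
For web applications, the visual check above can be backed by a static pass over the login page markup. The following is an added example, not part of the STIG: it flags `<input>` elements that look like password fields but are not rendered with `type="password"`. The name hints, the function and class names, and the sample form are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Assumed name fragments suggesting a password field (heuristic, not from the STIG).
PASSWORD_HINTS = ("pass", "pwd")
# Input types that never echo typed characters, or that mask them.
NON_ECHO_TYPES = {"password", "hidden", "submit", "button", "reset",
                  "checkbox", "radio", "file", "image"}

# Constructed sample login form: one masked field, two that echo clear text.
SAMPLE_FORM = """
<form action="/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="text" name="confirm_password">
  <input name="old_pwd">
</form>
"""


class UnmaskedPasswordFinder(HTMLParser):
    """Collects <input> elements that look like password fields but are not masked."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, field name or id, effective type)

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        attr = {k: (v or "") for k, v in attrs}
        # Browsers treat a missing or empty type as "text", which echoes input.
        input_type = attr.get("type", "").strip().lower() or "text"
        if input_type in NON_ECHO_TYPES:
            return
        label = " ".join(attr.get(k, "") for k in ("name", "id", "autocomplete")).lower()
        if any(hint in label for hint in PASSWORD_HINTS):
            line, _ = self.getpos()
            self.findings.append((line, attr.get("name") or attr.get("id", ""), input_type))


def find_unmasked_password_fields(html):
    """Return a list of findings for password-like inputs rendered without masking."""
    finder = UnmaskedPasswordFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for line, name, input_type in find_unmasked_password_fields(SAMPLE_FORM):
        print(f"line {line}: field '{name}' has type '{input_type}'; this is a finding")
```

A static pass only covers the markup as served; fields whose type is changed by script at runtime still need the interactive check described in the Check Text.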