UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The designer will ensure the application transmits account passwords in an approved encrypted format.


Overview

Finding ID Version Rule ID IA Controls Severity
V-16796 APP3330 SV-17796r1_rule ECCT-1 High
Description
Passwords transmitted in clear text or with an unapproved format are vulnerable to network protocol analyzers. These passwords acquired with the network protocol analyzers can be used to immediately access the application.
STIG Date
Application Security and Development Checklist 2014-12-22

Details

Check Text ( C-17792r1_chk )
Ask the application representative to demonstrate that passwords are encrypted before they are transmitted.

1) If the application does not use passwords for identification and authentication, this check is not applicable.

2) If the application does not encrypt passwords before transmitting them, it is a finding.
Fix Text (F-17023r1_fix)
Modify the application to encrypt all transmitted passwords.