UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The designer will ensure the application does not rely solely on a resource name to control access to a resource.


Overview

Finding ID Version Rule ID IA Controls Severity
V-16804 APP3460 SV-17804r1_rule DCSQ-1 High
Description
Application access control decisions should be based on authentication of users. Resource names alone can be spoofed allowing access control mechanisms to be bypassed giving immediate access to the application.
STIG Date
Application Security and Development Checklist 2014-12-22

Details

Check Text ( C-17802r1_chk )
Verify the application does not grant access solely based on a resource name (e.g., username, IP address, machine name). Also, verify a username with a blank password does not grant access to the application.

1) If authentication is granted based on a resource name only, it is a finding.
Fix Text (F-17087r1_fix)
Implement authentication on systems requiring access control.