Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-6155 | APP3420 | SV-6155r1_rule | DCSQ-1 | Medium |
Description |
---|
If a user cannot log out of the application, subsequent users of a shared system could continue to use the previous user's session to the application. |
STIG | Date |
---|---|
Application Security and Development Checklist | 2014-12-22 |
Check Text ( C-3034r1_chk ) |
---|
Log on to the application and then attempt to log out. If this option is not available, ask the application representative to explain how this function is performed. 1) If the ability to log out is absent or is hidden to the extent most users cannot reasonably expect to easily find it, it is a finding. |
Fix Text (F-17075r1_fix) |
---|
Implement a capability to terminate a session and logout. |