
In order to inform administrators of failed login attempts made to the administrator's account, the application server management interface, upon successful logon/access, must display to the user the number of unsuccessful logon/access attempts since the last successful logon/access.


Overview

Finding ID: V-35131
Version: SRG-APP-000076-AS-000041
Rule ID: SV-46418r1_rule
IA Controls: (none listed)
Severity: Low
Description
AS administrators need to be aware of activity that occurs regarding their account. Providing AS administrators with information regarding the number of unsuccessful login attempts made to their account allows them to determine if any unauthorized activity has occurred and gives them an opportunity to notify or coordinate with the appropriate security personnel and ensure other systems have not been affected. If administrators are not aware of potential attacks against a system, they cannot perform due diligence to ensure access is not granted to unauthorized users.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text (C-43519r1_chk)
Review AS product documentation and configuration to determine if the administrators are informed of the number of unsuccessful login attempts since the last successful login.

If the administrators are not informed of this information, this is a finding.
Fix Text (F-39683r1_fix)
Configure the AS to display the number of unsuccessful login attempts since the last successful login.