The Cisco IOS XE router must store only encrypted representations of passwords.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-74023 | CISR-ND-000062 | SV-88697r2_rule | Medium |
| Description |
|---|
| Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. Network devices must enforce password encryption when storing passwords. |
| STIG | Date |
|---|---|
| Cisco IOS XE Release 3 NDM Security Technical Implementation Guide | 2018-12-20 |
Details
| Check Text ( C-74113r3_chk ) |
|---|
| Verify that Cisco IOS XE router has password encryption enabled. The configuration should look similar to the example below: password encryption aes service password-encryption If password encryption is not enabled, this is a finding. |
| Fix Text (F-80565r2_fix) |
|---|
| Add the following command to encrypt local passwords: service password-encryption |