Default passwords and user names have not been changed.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-7957	DSN13.02	SV-8443r1_rule	ECSC-1 IAIA-1 IAIA-2	High

Description
Requirement: The IAO will ensure that all system default passwords and user names are changed prior to connection to the DSN. Systems not protected with strong password schemes provide the opportunity for anyone to crack the password, gain access to the system, and cause information damage, or denial of service. Default user accounts and passwords must be changed prior to any user connection to a DSN system. This will prevent commonly known and used user accounts from being used by unauthorized users.

Description

Requirement: The IAO will ensure that all system default passwords and user names are changed prior to connection to the DSN. Systems not protected with strong password schemes provide the opportunity for anyone to crack the password, gain access to the system, and cause information damage, or denial of service. Default user accounts and passwords must be changed prior to any user connection to a DSN system. This will prevent commonly known and used user accounts from being used by unauthorized users.

STIG	Date
Defense Switched Network STIG	2015-01-02

Details

Check Text ( C-7338r1_chk )
Interview the IAO or SA and confirm compliance through discussion, review of site policy, diagrams, documentation, DAA approvals, etc as applicable.

Fix Text (F-7532r1_fix)
Delete / change default accts and passwords - Check the component or system for default vendor accounts and passwords. If possible, delete or rename the account and change the default password.