
User passwords can be retrieved and viewed in clear text by another user.


Overview

Finding ID: V-7966
Version: DSN13.10
Rule ID: SV-8452r1_rule
IA Controls: ECSC-1, IAIA-1, IAIA-2
Severity: Medium
Description
Requirement: The IAO will ensure that users' passwords are not displayed in the clear when logging into the system. Password integrity is nonexistent if passwords are stored or displayed in clear text. Many attacks on DOD computer systems are launched internally by dissatisfied or disgruntled employees. It is imperative that all DSN systems be configured to store passwords in encrypted format. This protects password integrity against other system users who have privileged system access.
STIG Date
Defense Switched Network STIG 2015-01-02

Details

Check Text (C-4155r1_chk)
>TABLE OFCOPT; PASSWORD_ENCRYPTED =Y
Fix Text (F-7541r1_fix)
Ensure that the DSN component is provisioned to store all passwords in an encrypted format.