Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
User passwords can be retrieved and viewed in clear text by another user.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-7966 | DSN13.10 | SV-8452r1_rule | ECSC-1 IAIA-1 IAIA-2 | Medium |
| Description |
|---|
| Requirement: The IAO will ensure that users’ passwords are not displayed in the clear when logging into the system. Password integrity is non existent if passwords are stored or displayed in clear text. Many attacks on DOD computer systems are launched internally by unsatisfied or disgruntled employees. It is imperative that all DSN systems be configured to store passwords in encrypted format. This will ensure password integrity by other system users who have privileged system access. |
| STIG | Date |
|---|---|
| Defense Switched Network (DSN) STIG | 2015-06-30 |
Details
| Check Text ( C-4155r1_chk ) |
|---|
| >TABLE OFCOPT; PASSWORD_ENCRYPTED =Y |
| Fix Text (F-7541r1_fix) |
|---|
| Ensure that the DSN component is provisioned to store all passwords in an encrypted format. |