The DNS implementation must obscure feedback of authentication information during the authentication process to protect the information from possible use by unauthorized individuals.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-34118	SRG-NET-000167-DNS-000106	SV-44571r1_rule		Medium

Description
To prevent the compromise of authentication information, such as passwords during the authentication process, the feedback from the information system shall not provide any information that would allow an unauthorized user to compromise the authentication mechanism. During the authentication process, malicious users can gain knowledge of passwords by simply walking by a user logging on, and viewing what had been input. Obfuscation of user provided information when typed into the system is a method used in addressing this risk.

Description

To prevent the compromise of authentication information, such as passwords during the authentication process, the feedback from the information system shall not provide any information that would allow an unauthorized user to compromise the authentication mechanism. During the authentication process, malicious users can gain knowledge of passwords by simply walking by a user logging on, and viewing what had been input. Obfuscation of user provided information when typed into the system is a method used in addressing this risk.

STIG	Date
Domain Name System (DNS) Security Requirements Guide	2012-10-24

Details

Check Text ( C-42078r1_chk )
Review the DNS system configuration and settings to determine if authentication information (passwords) is displayed in clear text during authentication. If passwords are displayed in clear text during the authentication process, this is a finding.

Fix Text (F-38028r1_fix)
Configure the DNS system to obscure feedback of authentication information during the authentication process to protect the information from possible use by unauthorized individuals.