UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The network element must be configured to ensure passwords are not viewable when displaying configuration information.


Overview

Finding ID Version Rule ID IA Controls Severity
V-3062 NET0600 SV-41452r2_rule ECSC-1 High
Description
Many attacks information systems and network elements are launched from within the network. Hence, it is imperative that all passwords are encrypted so they cannot be intercepted by viewing the console or printout of the configuration.
STIG Date
Firewall Security Technical Implementation Guide - Cisco 2017-03-02

Details

Check Text ( C-39963r2_chk )
The PIX and ASA device will encrypt both user-mode and enable-mode passwords. When displayed the password will be shown encrypted followed by the keyword "encrypted". Hence, this would never be a finding.
Fix Text (F-3087r7_fix)
Configure the network devices to ensure passwords are not viewable when displaying configuration information.