UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The firewall implementation must obscure feedback of authentication information during the authentication process to protect the information from possible use by unauthorized individuals.


Overview

Finding ID Version Rule ID IA Controls Severity
V-37201 SRG-NET-000167-FW-000097 SV-48962r1_rule Medium
Description
To prevent the compromise of authentication information, such as passwords during the authentication process, the feedback from the information system shall not provide any information that would allow an unauthorized user to compromise the authentication mechanism. During the authentication process, malicious users can gain knowledge of passwords by simply walking by a user logging on, and viewing what had been input. Obfuscation of user provided information when typed into the system is a method used in addressing this risk.
STIG Date
Firewall Security Requirements Guide 2013-04-24

Details

Check Text ( C-45515r1_chk )
If authentication functionality is provided by the underlying platform's account management system or by a network authentication server rather than the firewall application itself, this is not a finding.

Review the firewall configuration and settings to determine if authentication information (e.g., passwords) is displayed in clear text during authentication.

If authentication information, such as passwords, is displayed in clear text during the authentication process, this is a finding.
Fix Text (F-42139r1_fix)
Configure the authentication function to obscure feedback of authentication information during the authentication process.