Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-255265 | SSMC-WS-020010 | SV-255265r961863_rule | Medium |
Description |
---|
Accounts secured with only a password are subject to multiple forms of attack, from brute force, to social engineering. By enforcing strict two-factor authentication, this reduces the risk of account compromise by requiring an additional factor that is not a password. Strict two-factor authentication is enabled by default. However, this is enforced only when two-factor authentication is configured and active. This blocks access to web administrator console for ssmcadmin as this is a local account authenticated using password credentials. To allow access to administrator console, disable this strict two-factor authentication setting. |
STIG | Date |
---|---|
HPE 3PAR SSMC Web Server Security Technical Implementation Guide | 2024-05-30 |
Check Text ( C-58878r869962_chk ) |
---|
Verify that SSMC is configured to enforce strict two-factor authentication by doing the following: 1. Log on to SSMC appliance as ssmcadmin. 2. Navigate to the Advanced Features section of the TUI by pressing "9" then "2". If the Advanced Features sections displays "Enable strict two-factor authentication", this is a finding. 3. Escape to the bash shell by pressing "X". 4. Check the two-factor authentication property values in the /opt/hpe/ssmc/ssmcbase/resources/ssmc.properties file with the following command: $ grep ^security.twofactor /opt/hpe/ssmc/ssmcbase/resources/ssmc.properties security.twofactor.strict = true security.twofactor.enabled = true If the properties for "security.twofactor.strict" and "security.twofactor.enabled" are not set to "true" or are missing, this is a finding. |
Fix Text (F-58822r869963_fix) |
---|
Configure SSMC to enforce strict two-factor authentication by doing the following: 1. Log on to SSMC appliance as ssmcadmin. 2. Navigate to the Advanced Features section of the TUI by pressing "9" then "2". Press "1" to "Enable strict two-factor authentication" and "Y" to confirm. 3. Escape to the bash shell by pressing "X". 4. Enable and enforce strict two-factor authentication by setting these two properties in /opt/hpe/ssmc/ssmcbase/resources/ssmc.properties: security.twofactor.enabled = true security.twofactor.strict = true |