UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The VPN gateway server must enforce a policy to the software client to disallow the remote client from being able to save the logon password locally on the remote PC.


Overview

Finding ID Version Rule ID IA Controls Severity
V-30945 NET-VPN-250 SV-40987r1_rule ECSC-1 Medium
Description
Enabling the password save function requires users to only enter their password once when establishing the VPN tunnel. After that the software client will automatically re-enter the password when prompted for credentials by the VPN gateway.
STIG Date
IPSec VPN Gateway Security Technical Implementation Guide 2017-03-02

Details

Check Text ( C-39604r1_chk )
Review all ISAKMP client configuration groups used to push policy to remote software clients and determine if the software client allows the users to save their logon password locally on the remote PC.

Note: This vulnerability is only applicable if certificate-based authentication is not implemented.
Fix Text (F-34754r1_fix)
Configure the ISAKMP client configuration groups used to push policy to remote software clients to disable the ability for users to save their logon password locally on the remote PC.