The VPN gateway server must enforce a policy to the software client to disallow the remote client from being able to save the logon password locally on the remote PC.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-30945 | NET-VPN-250 | SV-40987r1_rule | ECSC-1 | Medium |
| Description |
|---|
| Enabling the password save function requires users to only enter their password once when establishing the VPN tunnel. After that the software client will automatically re-enter the password when prompted for credentials by the VPN gateway. |
| STIG | Date |
|---|---|
| IPSec VPN Gateway Security Technical Implementation Guide | 2018-11-27 |
Details
| Check Text ( C-39604r1_chk ) |
|---|
| Review all ISAKMP client configuration groups used to push policy to remote software clients and determine if the software client allows the users to save their logon password locally on the remote PC. Note: This vulnerability is only applicable if certificate-based authentication is not implemented. |
| Fix Text (F-34754r1_fix) |
|---|
| Configure the ISAKMP client configuration groups used to push policy to remote software clients to disable the ability for users to save their logon password locally on the remote PC. |