UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Juniper EX switch must change credentials for account of last resort when administrators who know the credential leave the organization.


Overview

Finding ID Version Rule ID IA Controls Severity
V-253946 JUEX-NM-000910 SV-253946r1001015_rule Medium
Description
A shared/group account credential is a shared form of authentication that allows multiple individuals to access the network device using a single account. If shared/group account credentials are not terminated when individuals leave the group, the user that left the group can still gain access even though they are no longer authorized. There may also be instances when specific user actions need to be performed on the network device without unique administrator identification or authentication. Examples of credentials include passwords and group membership certificates.
STIG Date
Juniper EX Series Switches Network Device Management Security Technical Implementation Guide 2024-06-20

Details

Check Text ( C-57398r843869_chk )
Review the site's SSP to verify the password for the account of last resort and the root account are changed when a system administrator with knowledge of the password leaves or no longer has a need to know/access.

If the credentials for account of last resort are not changed when administrators who know the credential leave the organization, this is a finding.
Fix Text (F-57349r843870_fix)
Document this process in the SSP. Change the account of last resort to a new password when administrators who know the credential leave the organization

Set the password for the account of last resort:
set system login user authentication plain-text-password
New password:
Retype new password: