Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Clear text passwords for all LDAPv3 directories must be disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-25557 | OSX00121 M6 | SV-38573r1_rule | ECCT-1 ECCT-2 | High |
| Description |
|---|
| Allowing passwords to be transmitted over the network in clear text could allow an attacker to monitor the network and capture the password packets. This clear text function must be disabled when accessing LDAPv3 directories. |
| STIG | Date |
|---|---|
| MAC OSX 10.6 Workstation Security Technical Implementation Guide | 2012-01-30 |
Details
| Check Text ( C-37766r1_chk ) |
|---|
| Open Finder. Click the Hard Drive icon. Double Click System. Double Click Library. Double Click CoreServices. Double Click Directory Utility. Click the Show Advanced Options button. Click Services tab. Click the Lock and enter the password to unlock the options (if needed). Click the LDAPv3 service. Click the Pencil icon. Highlight the Server Name/Configuration Name. Click Edit. Click on Security tab and verify the "Disable clear text passwords" is checked. If the value is not checked, this is a finding. |
| Fix Text (F-33011r1_fix) |
|---|
| Open Finder. Click the Hard Drive icon. Double Click System. Double Click Library. Double Click CoreServices. Double Click Directory Utility. Click the Show Advanced Options button. Click Services tab. Click the Lock and enter the password to unlock the options (if needed). Click the LDAPv3 service. Click the Pencil icon. Highlight the Server Name/Configuration Name. Click Edit. Click the Security tab and select "Disable clear text passwords". |