UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The mobile operating system must not transmit passwords in clear text.


Overview

Finding ID Version Rule ID IA Controls Severity
V-33001 SRG-OS-000074-MOS-000049 SV-43399r2_rule High
Description
Transmission of passwords in clear text reveals the password to any adversary who can successfully eavesdrop on the communication. In the case of wireless communication, the ability to eavesdrop is available to anyone within the range of the device's radio signal, which in some cases can be miles. Once an adversary has obtained a password, the adversary may be able to use it to compromise sensitive DoD information or other DoD information systems. Using methods that avoid the transmission of passwords in clear text mitigates the risk of this attack. The OS may be reliant on an external function or that present in the OS’ browser to enforce the password encryption function.
STIG Date
Mobile Operating System Security Requirements Guide 2013-07-03

Details

Check Text ( C-41298r1_chk )
Review the mobile operating system configuration to determine if it is possible to transmit passwords in clear text. If the mobile operating system transmits passwords in clear text, this is a finding.
Fix Text (F-36913r1_fix)
Configure the mobile operating system to prohibit transmitting passwords in clear text.