Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-33785 | SRG-OS-000079-MOS-000053 | SV-44210r1_rule | Low |
Description |
---|
To prevent the compromise of authentication information, such as passwords during the authentication process, the feedback from the operating system shall not provide any information allowing an unauthorized user to compromise the authentication mechanism. Otherwise, someone nearby the user (a.k.a., "shoulder surfer") may be able to obtain the password through visual observation. |
STIG | Date |
---|---|
Mobile Operating System Security Requirements Guide | 2013-07-03 |
Check Text ( C-41303r2_chk ) |
---|
Review the mobile operating system configuration for obscuring passwords on the device's display when entered on the device. If the mobile operating system does not obscure passwords during entry, this is a finding. |
Fix Text (F-37684r1_fix) |
---|
Configure the mobile operating system to obscure passwords on the device's display when they are entered on the device. |