Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-55199 | SRG-APP-000297-NDM-000281 | SV-69445r1_rule | Medium |
Description |
---|
If an explicit logout message is not displayed and the administrator does not expect to see one, the administrator may inadvertently leave a management session un-terminated. The session may remain open and be exploited by an attacker; this is referred to as a zombie session. Administrators need to be aware of whether or not the session has been terminated. |
STIG | Date |
---|---|
Network Device Management Security Requirements Guide | 2015-06-26 |
Check Text ( C-55819r1_chk ) |
---|
Review the network device configuration to determine if it displays an explicit logout message to administrators indicating the reliable termination of authenticated communications sessions. This requirement may be verified by demonstration. If an explicit logout message is not displayed, this is a finding. |
Fix Text (F-60063r1_fix) |
---|
Configure the network device to display an explicit logout message to administrators indicating the reliable termination of authenticated communications sessions. |