UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The VTC system and components must not have default or factory passwords.


Overview

Finding ID Version Rule ID IA Controls Severity
V-17687 RTS-VTC 2020.00 SV-18861r2_rule High
Description
Factory default, well-known, and manufacturer backdoor accounts and their associated passwords provide easy unauthorized access to systems and devices. Leaving such accounts and passwords active on a system or device makes it extremely vulnerable to attack and unauthorized access. As such, they must be removed, changed, renamed, or otherwise disabled. Also covered by this policy are “community strings”, which act as passwords for monitoring and management of network devices and attached systems via SNMP. The universal default SNMP community strings are “public” and private” and are well known. Default access for VTC operation, local and remote control, management, and configuration purposes is typically unrestricted or minimally protected by well-known default passwords. It has been demonstrated that not changing these passwords is the most common cause of VTC system compromise.
STIG Date
Video Services Policy STIG 2020-02-25

Details

Check Text ( C-18957r2_chk )
Review site documentation to confirm VTC system and component default and factory passwords have been changed. This includes SNMP community strings must be changed or replaced prior to the VTU being placed into service. If the VTC system and component default and factory passwords are not changed, this is a finding.

Note: During APL testing, this is a finding in the event default passwords cannot be changed on VTC or VTU.
Fix Text (F-17584r2_fix)
Implement changing all VTC system and component default and factory passwords.