Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-71683 | SRG-NET-000512-VVSM-00054 | SV-86307r1_rule | Medium |
Description |
---|
Passwords need to be protected at all times and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. Voice Video Session Managers must enforce password encryption when storing passwords within configuration files. |
STIG | Date |
---|---|
Voice Video Session Management Security Requirements Guide | 2017-12-28 |
Check Text ( C-71993r1_chk ) |
---|
Verify the Voice Video Session Manager is configured to obfuscate passwords within configuration files. If the Voice Video Session Manager is not configured to obfuscate passwords within configuration files, this is a finding. |
Fix Text (F-78011r1_fix) |
---|
Configure the Voice Video Session Manager to obfuscate passwords within configuration files. |