An error occurred:

Check: APSC-DV-003280

Application Security and Development STIG: APSC-DV-003280 (in versions v6 r1 through v4 r2)

Title

Default passwords must be changed. (Cat I impact)

Discussion

Default passwords can easily be compromised by attackers allowing immediate access to the applications.

Check Content

Identify the application name and version and do an Internet search for the product name and the string "default password". If default passwords are found, attempt to authenticate with the published default passwords. If authentication is successful, this is a finding.

Fix Text

Configure the application to use strong authenticators instead of passwords when possible. Otherwise, change default passwords to a DoD-approved strength password and follow all guidance for passwords.

Additional Identifiers

Rule ID: SV-222662r961863_rule

Vulnerability ID: V-222662

Group Title: SRG-APP-000516

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000366

Implement the security configuration settings.
CCI-003109

Require the developer of the system, system component, or system service to deliver the system, component, or service with organization-defined security configurations implemented.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-6

Configuration Settings
SA-4(5)

System / Component / Service Configurations