Title

Clear text passwords for all LDAPv3 directories must be disabled. (Cat I impact)

Discussion

Allowing passwords to be transmitted over the network in clear text could allow an attacker to monitor the network and capture the password packets. This clear text function must be disabled when accessing LDAPv3 directories.

Check Content

Open Finder. Click the Hard Drive icon. Double Click System. Double Click Library. Double Click CoreServices. Double Click Directory Utility. Click the Show Advanced Options button. Click Services tab. Click the Lock and enter the password to unlock the options (if needed). Click the LDAPv3 service. Click the Pencil icon. Highlight the Server Name/Configuration Name. Click Edit. Click on Security tab and verify the "Disable clear text passwords" is checked. If the value is not checked, this is a finding.

Fix Text

Open Finder. Click the Hard Drive icon. Double Click System. Double Click Library. Double Click CoreServices. Double Click Directory Utility. Click the Show Advanced Options button. Click Services tab. Click the Lock and enter the password to unlock the options (if needed). Click the LDAPv3 service. Click the Pencil icon. Highlight the Server Name/Configuration Name. Click Edit. Click the Security tab and select "Disable clear text passwords".

Additional Identifiers

Rule ID: SV-38573r1_rule

Vulnerability ID: V-25557

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.