Check: SRG-APP-000172-NDM-000259
Network Device Management SRG: SRG-APP-000172-NDM-000259 (in versions v4 r3 through v2 r7)
Title
The network device must transmit only encrypted representations of passwords. (Cat I impact)
Discussion
Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. Network devices can accomplish this by making direct function calls to encryption modules or by leveraging operating system encryption capabilities.
Check Content
Determine if the network device or its associated authentication server transmits only encrypted representations of passwords. This requirement may be verified by demonstration or configuration review. If the network device or the associated authentication server transmits unencrypted representations of passwords, this is a finding.
Fix Text
Configure the network device or its associated authentication server to transmit only encrypted representations of passwords.
Additional Identifiers
Rule ID: SV-202065r879609_rule
Vulnerability ID: V-202065
Group Title: SRG-APP-000172
CCIs
Number | Definition |
---|---|
CCI-000197 | The information system, for password-based authentication, transmits only cryptographically-protected passwords. |
Controls
Number | Title |
---|---|
IA-5 (1) | Password-Based Authentication |