Title

The Riverbed NetIM must enforce a minimum 15-character password length. (Cat II impact)

Discussion

Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset or set of resources. Information systems use access control policies and enforcement mechanisms to implement this requirement. Authorization procedures and controls must be implemented to ensure each authenticated entity also has a validated and current authorization.

Check Content

Verify Password Rules is configured to use a 15-character password. 1. From the GUI, navigate to Configuration >> Configure >> All Settings >> Administer. 2. On the User Management screen, select "Password Rules". 3. View the Maximum Password Length box. If a 15-character password is not required, this is a finding.

Fix Text

Configure Password Rules to use a 15-character password. 1. From the GUI, navigate to Configuration >> Configure >> All Settings >> Administer. 2. On the User Management screen, select "Password Rules". 3. Check the Maximum Password Length box. 4. Enter "15" in the option box and click "Submit".

Additional Identifiers

Rule ID: SV-275465r1147445_rule

Vulnerability ID: V-275465

Group Title: SRG-APP-000164-NDM-000252

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.