STIGQter: STIG Summary: Application Server Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 23 Oct 2020:

The application server must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.

DISA Rule

SV-204757r508029_rule

Vulnerability Number

V-204757

Group Title

SRG-APP-000178

Rule Version

SRG-APP-000178-AS-000127

Severity

CAT II

CCI(s)

• CCI-000206 - The information system obscures feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.

Weight

10

Fix Recommendation

Configure the application server to obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.

Check Contents

Review the application server documentation and configuration to determine if any interfaces which are provided for authentication purposes display the user's password when it is typed into the data entry field.

If authentication information is not obfuscated when entered, this is a finding.

Vulnerability Number

V-204757

Documentable

False

Rule Version

SRG-APP-000178-AS-000127

Severity Override Guidance

Review the application server documentation and configuration to determine if any interfaces which are provided for authentication purposes display the user's password when it is typed into the data entry field.

If authentication information is not obfuscated when entered, this is a finding.

Check Content Reference

M

Target Key

2900

Comments