STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020: STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:SV-222554r508029_rule
V-222554
SRG-APP-000178
APSC-DV-001850
CAT I
10
Configure the application to obfuscate passwords and PINs when they are being entered so they cannot be read.
Design the application so obfuscated passwords cannot be copied and then pasted as clear text.
Ask the application admin to log on to the application.
Observe the authentication process and verify any display feedback provided when the admin enters her/his password is obfuscated and not clear text.
For applications that display authentication feedback for a very limited time, ensure the feedback time the character is displayed is only momentary i.e., fractions of a second.
Using a text editor, copy the obfuscated password and paste to a text file. Do not save the file.
If the application displays clear text when the password/PIN is entered, or if the time period for displayed feedback exceeds fractions of a second, or if the clear text password/PIN is displayed when pasted, this is a finding.
V-222554
False
APSC-DV-001850
Ask the application admin to log on to the application.
Observe the authentication process and verify any display feedback provided when the admin enters her/his password is obfuscated and not clear text.
For applications that display authentication feedback for a very limited time, ensure the feedback time the character is displayed is only momentary i.e., fractions of a second.
Using a text editor, copy the obfuscated password and paste to a text file. Do not save the file.
If the application displays clear text when the password/PIN is entered, or if the time period for displayed feedback exceeds fractions of a second, or if the clear text password/PIN is displayed when pasted, this is a finding.
M
4093