STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

Default passwords must be changed.

DISA Rule

SV-222662r508029_rule

Vulnerability Number

V-222662

Group Title

SRG-APP-000516

Rule Version

APSC-DV-003280

Severity

CAT I

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-003109 - The organization requires the developer of the information system, system component, or information system service to deliver the system, component, or service with organization-defined security configurations implemented.

Weight

10

Fix Recommendation

Configure the application to use strong authenticators instead of passwords when possible. Otherwise, change default passwords to a DoD-approved strength password and follow all guidance for passwords.

Check Contents

Identify the application name and version and do an Internet search for the product name and the string "default password".

If default passwords are found, attempt to authenticate with the published default passwords.

If authentication is successful, this is a finding.

Vulnerability Number

V-222662

Documentable

False

Rule Version

APSC-DV-003280

Severity Override Guidance

Identify the application name and version and do an Internet search for the product name and the string "default password".

If default passwords are found, attempt to authenticate with the published default passwords.

If authentication is successful, this is a finding.

Check Content Reference

M

Target Key

4093

Comments