STIGQter STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

The application must not contain embedded authentication data.

DISA Rule

SV-222642r508029_rule

Vulnerability Number

V-222642

Group Title

SRG-APP-000516

Rule Version

APSC-DV-003110

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Remove embedded authentication data stored in code, configuration files, scripts, HTML file, or any ASCII files.

Check Contents

Review the application documentation and any available source code; this includes configuration files such as global.asa, if present, scripts, HTML files, and any ASCII files.

Identify any instances of passwords, certificates, or sensitive data included in code.

If credentials were found, check the file permissions and ownership of the offending file.

If access to the folder hosting the file is not restricted to the related application process and administrative users, this is a finding.

The finding details should note specifically where the offending credentials or data were located and what resources they enabled.

Vulnerability Number

V-222642

Documentable

False

Rule Version

APSC-DV-003110

Severity Override Guidance

Review the application documentation and any available source code; this includes configuration files such as global.asa, if present, scripts, HTML files, and any ASCII files.

Identify any instances of passwords, certificates, or sensitive data included in code.

If credentials were found, check the file permissions and ownership of the offending file.

If access to the folder hosting the file is not restricted to the related application process and administrative users, this is a finding.

The finding details should note specifically where the offending credentials or data were located and what resources they enabled.

Check Content Reference

M

Target Key

4093

Comments