STIGQter STIGQter: STIG Summary: Network Device Management Security Requirements Guide Version: 3 Release: 2 Benchmark Date: 24 Jan 2020: The network device must only store cryptographic representations of passwords.

DISA Rule

SV-69377r3_rule

Vulnerability Number

V-55131

Group Title

SRG-APP-000171-NDM-000258

Rule Version

SRG-APP-000171-NDM-000258

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure the network device, and any associated authentication servers, to store all passwords using cryptographic representations.

Configure all associated databases, configuration files, and log files to use only encrypted representations of passwords, and that no password strings are readable/discernable.

Potential locations include the local file system where configurations and events are stored, or in a network device-related database table.

Check Contents

Review the network device’s files using a text editor or a database tool that allows viewing data stored in database tables. Determine if password strings are readable/discernable.

Determine if the network device, and any associated authentication servers, enforce only storing cryptographic representations of passwords. Verify that databases, configuration files, and log files have encrypted representations of all passwords, and that no password strings are readable/discernable. Potential locations include the local file system where configurations and events are stored, or in a network device related database table. Also identify if the network device uses the MD5 hashing algorithm to create password hashes.

If the network device, or any associated authentication servers, stores unencrypted (clear text) representations of passwords, this is a finding.

If the network device uses MD5 hashing algorithm to create password hashes, this is a finding.

Vulnerability Number

V-55131

Documentable

False

Rule Version

SRG-APP-000171-NDM-000258

Severity Override Guidance

Review the network device’s files using a text editor or a database tool that allows viewing data stored in database tables. Determine if password strings are readable/discernable.

Determine if the network device, and any associated authentication servers, enforce only storing cryptographic representations of passwords. Verify that databases, configuration files, and log files have encrypted representations of all passwords, and that no password strings are readable/discernable. Potential locations include the local file system where configurations and events are stored, or in a network device related database table. Also identify if the network device uses the MD5 hashing algorithm to create password hashes.

If the network device, or any associated authentication servers, stores unencrypted (clear text) representations of passwords, this is a finding.

If the network device uses MD5 hashing algorithm to create password hashes, this is a finding.

Check Content Reference

M

Target Key

2729

Comments