Free DISA STIG and SRG Library | Vaulted

V-30945

The VPN gateway server must enforce a policy to the software client to disallow the remote client from being able to save the logon password locally on the remote PC.

Finding ID: NET-VPN-250
Rule ID: SV-40987r1_rule
Severity: Cat II
CCE: (None)
Group Title: The VPN gateway server allows password saving.
CCI: (None)
Target Key: (None)
Documentable: No
Discussion

Enabling the password save function lets users enter their password only once when establishing the VPN tunnel. After that, the software client automatically re-enters the password when prompted for credentials by the VPN gateway.

Fix Text

Configure the ISAKMP client configuration groups used to push policy to remote software clients to disable the ability for users to save their logon password locally on the remote PC.

Check Content

Review all ISAKMP client configuration groups used to push policy to remote software clients and determine if the software client allows the users to save their logon password locally on the remote PC. Note: This vulnerability is only applicable if certificate-based authentication is not implemented.
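The review described above can be scripted against a saved gateway configuration. The following is an added example, not part of the STIG text: it assumes Cisco IOS Easy VPN Server syntax, where a `save-password` line inside a `crypto isakmp client configuration group` block grants the permission, and the sample configuration and group names are constructed.

```python
import re

# Constructed sample in Cisco IOS Easy VPN Server syntax (an assumption; the
# page names no vendor). Group, pool and key names are made up for illustration.
SAMPLE_CONFIG = """\
crypto isakmp client configuration group REMOTE-USERS
 key example-key
 pool VPN-POOL
 save-password
!
crypto isakmp client configuration group CONTRACTORS
 key example-key
 pool VPN-POOL
 no save-password
!
crypto isakmp client configuration group ADMINS
 key example-key
 pool VPN-POOL
!
"""

GROUP_RE = re.compile(r"^crypto isakmp client configuration group\s+(\S+)")

def parse_groups(config_text):
    """Map each client configuration group name to its sub-command lines."""
    groups, current = {}, None
    for line in config_text.splitlines():
        m = GROUP_RE.match(line)
        if m:
            current = groups.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any non-indented line closes the group block
    return groups

def groups_allowing_saved_password(config_text):
    """Return the groups that push the password-save permission to clients."""
    return sorted(
        name for name, cmds in parse_groups(config_text).items()
        if "save-password" in cmds  # 'no save-password' is a different string
    )

if __name__ == "__main__":
    findings = groups_allowing_saved_password(SAMPLE_CONFIG)
    for name in findings:
        print(f"OPEN NET-VPN-250: group {name} has save-password")
    if not findings:
        print("No client configuration group allows password saving")
```

A group with no `save-password` line is treated as compliant, which matches the assumed platform's default of not permitting saved passwords; confirm the default on the gateway under review.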

Responsibility

Information Assurance Officer

IA Controls

ECSC-1