CUI

Documentation - V-222531

V-222531

Application Security and Development Security Technical Implementation Guide

CAT II

Title

The application must implement replay-resistant authentication mechanisms for network access to nonprivileged accounts.

Description

A replay attack is a man-in-the-middle style attack that allows an attacker to repeat or alter a valid data transmission, which may enable unauthorized access to the application. Authentication sessions between the authenticating client and the application server validating the user credentials must not be vulnerable to a replay attack. The protection methods selected to protect against a replay attack will vary according to the application architecture. An authentication proces...

Fix Text (Documentation Requirement)

Design and configure the application to utilize replay-resistant mechanisms when authenticating nonprivileged accounts.
