| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-206600 | CAT II | MONT-DB-002 | Database Security Requirements Guide | The DBMS must require users to reauthenticate when... | - | |||
Check TextReview the system documentation and the configuration of the DBMS and related applications and tools. If there are any circumstances under which a user is not required to reauthenticate when changing role or escalating privileges, this is a finding. If the information owner has identified additional cases where reauthentication is needed, but there are circumstances where the system does not ask the user to reauthenticate when those cases occur, this is a finding. Fix TextModify and/or configure the DBMS and related applications and tools so that users are always required to reauthenticate when changing role or escalating privileges. Modify and/or configure the DBMS and related applications and tools so that users are always required to reauthenticate when the specified cases needing reauthorization occur. CommentsThe DBMS requires reauthentication when changing role or escalating privileges. Creation of password-based installer accounts is initiated from shore and utilize the procedure SC_RemoteUserMaint. Password-based application accounts are created and maintained through the application using the procedure SC_UserMaint. Both procedures use the FORCE PASSWORD CHANGE ON clause when creating or altering a login.
Source: Montford Point ShipCLIP DB V4R4.ckl
Scan Date: 2026-03-06T12:50:21.809591
Technology Area: Database Review
|
||||||||