Ensuring local shared and group account credentials are terminated
Rule Title: RiOS must terminate local shared and group account credentials, such as the Admin account, when members who know the account password leave the group.
STIG ID: RICX-DM-000002
Rule ID: SV-77325r1_rule
Severity: CAT II
Vuln ID: V-62835
Class: Unclass
If shared or group account credentials are not terminated when individuals leave the group, a user who has left the group can still gain access even though they are no longer authorized.
A shared or group account credential is a shared form of authentication that allows multiple individuals to access the network device using a single account. There might also be instances when specific user actions need to be performed on the network device without unique administrator identification or authentication. Examples include system accounts, accounts of last resort, accounts used for testing/maintenance, and shared secrets that are configured on the administrator's workstation.
When users with knowledge of the account of last resort or default accounts are no longer authorized, account credentials must be changed in accordance with DoD policy.
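The rule above can be tracked as an audit over an inventory of shared accounts. The following is an added example, not part of the STIG or of RiOS; the device names, people, dates, and record layout are constructed for illustration.

```python
from datetime import date

# Constructed sample inventory (assumption, not from the page): each shared
# account, the date its credential was last changed, and for every person who
# knows the password, the date they left the group (None = still a member).
SHARED_ACCOUNTS = [
    {"device": "sh-branch-01", "account": "admin",
     "last_changed": date(2024, 3, 1),
     "holders": {"alice": None, "bob": date(2024, 2, 10)}},
    {"device": "sh-branch-02", "account": "admin",
     "last_changed": date(2024, 1, 15),
     "holders": {"alice": None, "carol": date(2024, 4, 2)}},
    {"device": "sh-dc-01", "account": "admin",
     "last_changed": None,  # credential never changed since deployment
     "holders": {"dave": date(2023, 11, 30)}},
]

def stale_credentials(accounts):
    """Return one finding per account whose current credential is still known
    to someone who has left the group."""
    findings = []
    for acct in accounts:
        changed = acct["last_changed"]
        # A departure on or after the last change means the departed member
        # knows the current password. Same-day departures are treated as
        # findings because the order of events cannot be established.
        exposed = sorted(
            name for name, left in acct["holders"].items()
            if left is not None and (changed is None or left >= changed)
        )
        if exposed:
            findings.append({"device": acct["device"],
                             "account": acct["account"],
                             "last_changed": changed,
                             "known_to_departed": exposed})
    return findings

if __name__ == "__main__":
    for f in stale_credentials(SHARED_ACCOUNTS):
        print(f"FINDING {f['device']}/{f['account']}: last changed "
              f"{f['last_changed']}, still known to "
              f"{', '.join(f['known_to_departed'])}")
```

Each finding identifies a device on which the password-change procedure for the shared account still has to be carried out.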
Verifying local shared and group account credentials are terminated
Verify that local shared and group account credentials, such as the Admin account, are terminated when members who know the account password leave the group.
1. Connect to the Management Console.
2. Type admin in the Username text box.
3. Type password in the Password text box.
4. Click Log In. If login occurs and administrative access is allowed, this is a security vulnerability finding.
Terminating local shared and group account credentials
Terminate local shared and group account credentials, such as the Admin account, when members who know the account password leave the group.
1. Connect to the Management Console.
2. Type admin in the Username text box.
3. Type password in the Password text box.
4. Click Log In. If login occurs and administrative access is allowed, this is a security vulnerability finding.
5. Choose Administration > My Account to display the My Account page.
6. Select the Change Password check box.
7. Type and confirm the new password.
8. Click Apply.
9. On the top right-hand side of the page, click Logout to exit the current session.
10. Reconnect to the Management Console.
11. Log in as the admin user.
12. Type the new password and click Log In. Verify that the administrator obtains access to the Management Console Home Page.
13. On the top right-hand side of the page, click Logout to exit the current session.