The application password must not be changeable by users other than the administrator or the user with which the password is associated.
An XCCDF Rule
Description
<VulnDiscussion>If the application allows user A to change user B's password, user B can be locked out of the application, and user A is provided the ability to grant themselves access to the application as user B. This violates application integrity and availability principles. Many applications provide a password reset capability that allows the user to reset their password if they forget it. Protections must be utilized when establishing a password change or reset capability to prevent user A from changing user B's password. Protection is usually accomplished by having each user provide an out of bounds (OOB) communication address such as a separate email address or SMS/text address (mobile phone) that can be used to transmit password reset/change information. This OOB information is usually provided by the user when the user account is created. The OOB information is validated as part of the user account creation process by sending an account validation request to the OOB address and having the user respond to the request. Applications must prevent users other than the administrator or the user associated with the account from changing the account password.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-222548r879887_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Use a CAC to authenticate users instead of using passwords. If application users are prohibited or prevented from obtaining a CAC due to DoD policy requirements and passwords are the only viable option, design the application to utilize a secure password change or password reset process.
Utilize out of band (OOB) communication techniques to communicate password change requests to users.
Ensure verification processes exist that allow users to validate the change request prior to implementing the password change.