The HYCU server must terminate shared/group account credentials when members leave the group.
An XCCDF Rule
Description
<VulnDiscussion>A shared/group account credential is a shared form of authentication that allows multiple individuals to access the network device using a single account. If shared/group account credentials are not terminated when individuals leave the group, the user that left the group can still gain access even though they are no longer authorized. There may also be instances when specific user actions need to be performed on the network device without unique administrator identification or authentication. Examples of credentials include passwords and group membership certificates.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-246821r768127_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Within the HYCU Web UI, remove the users or groups that no longer need access.
If any AD users or groups have been left within the HYCU Web UI in the Self-Service menu, remove users that are no longer needed from their respective AD groups.