SSMC web server must enable strict two-factor authentication for access to the webUI.
An XCCDF Rule
Description
<VulnDiscussion>Accounts secured with only a password are subject to multiple forms of attack, from brute force, to social engineering. By enforcing strict two-factor authentication, this reduces the risk of account compromise by requiring an additional factor that is not a password. Strict two-factor authentication is enabled by default. However, this is enforced only when two-factor authentication is configured and active. This blocks access to web administrator console for ssmcadmin as this is a local account authenticated using password credentials. To allow access to administrator console, disable this strict two-factor authentication setting.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-255265r879887_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Configure SSMC to enforce strict two-factor authentication by doing the following:
1. Log on to SSMC appliance as ssmcadmin.
2. Navigate to the Advanced Features section of the TUI by pressing "9" then "2". Press "1" to "Enable strict two-factor authentication" and "Y" to confirm.