The HYCU virtual appliance must implement replay-resistant authentication mechanisms for network access to privileged accounts.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-268260	SRG-APP-000156-NDM-000250	HYCU-ND-000520	SV-268260r1038716_rule	2024-10-29	1

Description
A replay attack may enable an unauthorized user to gain access to the application. Authentication sessions between the authenticator and the application validating the user credentials must not be vulnerable to a replay attack. An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message. Techniques used to address this include protocols using nonces (e.g., numbers generated for a specific one-time use) or challenges (e.g., TLS, WS_Security). Additional techniques include time-synchronous or challenge-response one-time authenticators.

Description

A replay attack may enable an unauthorized user to gain access to the application. Authentication sessions between the authenticator and the application validating the user credentials must not be vulnerable to a replay attack. An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message. Techniques used to address this include protocols using nonces (e.g., numbers generated for a specific one-time use) or challenges (e.g., TLS, WS_Security). Additional techniques include time-synchronous or challenge-response one-time authenticators.

ℹ️ Check
The use of SSH-2 protocol for network/remote access prevents replay attacks. The SSH-2 protocol is the standard for the SSH daemon in the Linux OS used by HYCU. To determine the SSH version in use, log in to the HYCU console and execute the following command: ssh -v localhost If the output does not show remote protocol version 2.0 in use, this is a finding. HYCU web access uses TLS, which addresses this threat. HYCU web access cannot be configured to not use TLS.

ℹ️ Check

The use of SSH-2 protocol for network/remote access prevents replay attacks. The SSH-2 protocol is the standard for the SSH daemon in the Linux OS used by HYCU. To determine the SSH version in use, log in to the HYCU console and execute the following command: ssh -v localhost If the output does not show remote protocol version 2.0 in use, this is a finding. HYCU web access uses TLS, which addresses this threat. HYCU web access cannot be configured to not use TLS.

✔️ Fix
Log in to the HYCU console and configure SSH to use the SSH-2 protocol by editing the protocol variable in the file "/etc/ssh/sshd_config".