The network device must display an explicit logout message to administrators indicating the reliable termination of authenticated communications sessions.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-202086 | SRG-APP-000297 | SRG-APP-000297-NDM-000281 | SV-202086r961227_rule | 2025-02-11 | 5 |
| Description |
|---|
| If an explicit logout message is not displayed and the administrator does not expect to see one, the administrator may inadvertently leave a management session un-terminated. The session may remain open and be exploited by an attacker; this is referred to as a zombie session. Administrators need to be aware of whether or not the session has been terminated. A prompt for new logon is an acceptable indication of previous session termination. If the device takes the user back to the logon page or prompt after selecting the logoff button, it is considered an explicit logout message. In the case of terminal sessions (such as SSH), an explicit logoff message is displayed by the client application. Usually this is a message such as "connect closed by remote host" displayed by the client. For a terminal connected to the console port of a network device, either a logoff message is displayed or the device takes the user back to the logon prompt. |
| ℹ️ Check |
|---|
| This requirement may be verified by demonstration. If an explicit logoff message is not displayed, or provides clear evidence that the session has been terminated, this is a finding. |
| ✔️ Fix |
|---|
| Configure the network device to display an explicit logoff message to administrators indicating the reliable termination of authenticated communications sessions. This may be a capability the device is inherently capable of. |