1.4.3.3 Ensure 'aaa authentication secure-http-client' is configured correctly

Information

Provides a secure method, SSL, to protect username and password to be sent in clear text

Rationale:

If HTTP authentication is used without the command aaa authentication secure-http-client, the username and password are sent from the client to the security appliance in clear text.

Solution

Configure the secure aaa authentication for http

hostname(config)#aaa authentication secure-http-client

Default Value:

The secure aaa authentication for http is disabled by default

See Also

https://workbench.cisecurity.org/files/3294

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2(9), CSCv7|4.3

Plugin: Cisco

Control ID: 2d2faeb7fbb52b15648fccc4b0eb01188e14a67a26067d0f70578695d90c2b7f