The VPN gateway server must enforce a policy to the software client to disallow the remote client from being able to save the logon password locally on the remote PC.

From IPSec VPN Gateway Security Technical Implementation Guide

Part of The VPN gateway server allows password saving.

Associated with IA controls: ECSC-1

SV-40987r1_rule The VPN gateway server must enforce a policy to the software client to disallow the remote client from being able to save the logon password locally on the remote PC.

Vulnerability discussion

Enabling the password save function means users enter their password only once when establishing the VPN tunnel. After that, the software client automatically re-enters the password when prompted for credentials by the VPN gateway.

Check content

Review all ISAKMP client configuration groups used to push policy to remote software clients and determine if the software client allows the users to save their logon password locally on the remote PC.

Note: This vulnerability is only applicable if certificate-based authentication is not implemented.

Fix text

Configure the ISAKMP client configuration groups used to push policy to remote software clients to disable the ability for users to save their logon password locally on the remote PC.
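One way to automate the check above is shown here as an added example that is not part of the STIG. It assumes the gateway configuration uses Cisco IOS Easy VPN syntax, where a `save-password` line inside a `crypto isakmp client configuration group` block pushes the setting to clients; the STIG text names no vendor, and the sample configuration and function name are constructed for illustration.

```python
import re

# Constructed sample in Cisco IOS Easy VPN syntax (an assumption, not from the STIG).
SAMPLE_CONFIG = """\
crypto isakmp client configuration group REMOTE-USERS
 pool VPN-POOL
 save-password
!
crypto isakmp client configuration group CONTRACTORS
 pool VPN-POOL2
 no save-password
!
crypto isakmp client configuration group ADMINS
 pool VPN-POOL3
!
interface GigabitEthernet0/0
 description save-password
"""

GROUP_RE = re.compile(r"^crypto isakmp client configuration group (\S+)\s*$")


def groups_allowing_saved_passwords(config_text):
    """Return names of client configuration groups that push save-password."""
    findings = []
    current = None  # name of the group block being read, if any
    for line in config_text.splitlines():
        match = GROUP_RE.match(line)
        if match:
            current = match.group(1)
            continue
        if not line.startswith(" "):
            # Any unindented line ("!", "interface ...") ends the group block.
            current = None
            continue
        # Exact match only: "no save-password" and unrelated text are not findings.
        if current and line.strip() == "save-password":
            findings.append(current)
    return findings


if __name__ == "__main__":
    for name in groups_allowing_saved_passwords(SAMPLE_CONFIG):
        print(f"FINDING: group {name} allows saved logon passwords")
```

The script does not evaluate whether certificate-based authentication is in use, so the applicability note in the check content still has to be assessed separately.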
