The operating system must require users to re-authenticate when changing authenticators.

STIG ID: SRG-OS-000373-GPOS-00158  |  SRG: SRG-OS-000373 |  Severity: medium |  CCI: CCI-002038 |  Vulnerability Id: V-203725 | 

Vulnerability Discussion

Without re-authentication, users may access resources or perform tasks for which they do not have authorization.

When operating systems provide the capability to change user authenticators, it is critical the user re-authenticate.

Check

Verify the operating system requires users to re-authenticate when changing authenticators. If it does not, this is a finding.

Fix

Configure the operating system to require users to re-authenticate when changing authenticators.