Summary

The authentication must have a separate interface for on-screen credentials input.

Description

This requirements suggests that there should be a separated user interface element for users to input their authentication credentials. The separation of the interface helps to mitigate the risk of credential exposure.

References

• NIST80053-SC-3. Security function isolation
• OWASP10-A5. Security misconfiguration
• HITRUST-08_b. Physical entry controls
• ISO27002-7_3. Securing offices, rooms and facilities
• WASC-W_01. Insufficient authentication
• NIST800171-1_17. Protect wireless access using authentication and encryption
• ASVS-14_1_5. Build and deploy
• CWE-1262. Improper access control for register interface
• ISO27001-7_3. Securing offices, rooms and facilities
• CASA-14_1_5. Build and Deploy
• FISMA-SC-3. Security function isolation
• OWASPMASVS-AUTH-1. The app uses secure authentication and authorization protocols and follows the relevant best practices

Weaknesses

• 006. Authentication mechanism absence or evasion
• 240. Authentication mechanism absence or evasion - OTP
• 241. Authentication mechanism absence or evasion - AWS
• 242. Authentication mechanism absence or evasion - WiFi
• 243. Authentication mechanism absence or evasion - Admin Console
• 244. Authentication mechanism absence or evasion - BIOS
• 298. Authentication mechanism absence or evasion - Redirect
• 299. Authentication mechanism absence or evasion - JFROG
• 300. Authentication mechanism absence or evasion - Azure
• 365. Authentication mechanism absence or evasion - Response tampering
• 370. Authentication mechanism absence or evasion - Security Image