CVE-2021-35226 An entity in NPM is misconfigured and is exposing the password field to SWIS.
Password fields in NCM are sensitive fields used for authentication and authorization. Improperly configured password fields can lead to security risks like data leakage, misuse, or even unauthorised access. In this article, we will show you how to audit and correct password fields in NCM. Audit password fields in NCM - first step In order to audit password fields, you need to go to Audit menu and click on Edit Audit Settings. You will see the following screen. Click on Configure and enable “Password audit” option. This setting will enable audit rule for password fields. You can now review password fields in audit report. Review audit report of password fields - second step Now, you can correct password fields to meet your organization’s security requirements. In order to correct password fields, go to Audit menu and click on Edit Audit Settings. Then select “Correct Violations” and click on “Add Rule”. You will be redirected to the “Correct Violations” page. Select the violation you want to correct and click on “Correct Violation”.
Audit limitations in NCM
The audit report of password fields in NCM does not include all fields. The following fields are not included in the audit report:
- System policies
- User policy
- Code templates
- Custom code
- Custom groups
How to enable and audit password fields in NCM?
Password fields in NCM are sensitive fields used for authentication and authorization. Improperly configured password fields can lead to security risks like data leakage, misuse, or even unauthorised access. In this article, we will show you how to audit and correct password fields in NCM.
Audit password fields in NCM - first step
In order to audit password fields, you need to go to Audit menu and click on Edit Audit Settings. You will see the following screen. Click on Configure and enable “Password audit” option. This setting will enable meta rule for password fields. You can now review password fields in the audit report.
Review audit report of password fields - second step
Now, you can correct password fields to meet your organization’s security requirements. In order to correct password fields, go to Audit menu and click on Edit Audit Settings. Then select “Correct Violations” and click on “Add Rule”. You will be redirected to the “Correct Violations” page. Select the violation you want to correct and click on “Correct Violation”
Timeline
Published on: 10/10/2022 23:15:00 UTC
Last modified on: 10/11/2022 18:59:00 UTC