Details
Provides a secure method, SSL, to protect username and password to be sent in clear text
Rationale:
If HTTP authentication is used without the command aaa authentication secure-http-client, the username and password are sent from the client to the security appliance in clear text.
Solution
Configure the secure aaa authentication for http
hostname(config)#aaa authentication secure-http-client
Default Value:
The secure aaa authentication for http is disabled by default
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Cisco.