Detections
Analytics

1.98 UBTU-22-611055

Information

The operating system must store only encrypted representations of passwords.

GROUP ID: V-260569
RULE ID: SV-260569r1044767

Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to consecutively reuse their password when that password has exceeded its defined lifetime, the end result is a password that is not changed as per policy requirements.

Solution

Configure the operating system to store encrypted representations of passwords.

Add or modify the following line in the "/etc/pam.d/common-password" file:

password [success=1 default=ignore] pam_unix.so obscure sha512 shadow remember=5 rounds=100000

See Also

https://workbench.cisecurity.org/benchmarks/22168

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CAT|II, CCI|CCI-000196, CCI|CCI-004062, CSCv7|16.4, Rule-ID|SV-260569r1044767_rule, STIG-ID|UBTU-22-611055, Vuln-ID|V-260569

Plugin: Unix

Control ID: 954d007799cffba32fdaa28e092f7fe5bde56f13250183476b209293d44535cf