Detections
Analytics

1.82 UBTU-24-400220

Information

The operating system must store only encrypted representations of passwords.

GROUP ID: V-270725
RULE ID: SV-270725r1066664

Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to consecutively reuse their password when that password has exceeded its defined lifetime, the end result is a password that is not changed as per policy requirements.

Solution

Configure the operating system to store encrypted representations of passwords.

Add or modify the following line in the "/etc/pam.d/common-password" file:

password [success=1 default=ignore] pam_unix.so obscure sha512 shadow remember=5 rounds=100000

See Also

https://workbench.cisecurity.org/benchmarks/22775

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CAT|II, CCI|CCI-000196, CCI|CCI-004062, CSCv7|16.4, Rule-ID|SV-270725r1066664_rule, STIG-ID|UBTU-24-400220, Vuln-ID|V-270725

Plugin: Unix

Control ID: 37785347c96304877de8f03a60645e05c8d64d975d9ab6720760e43f6d631049