Detections
Analytics
RHEL-10-600455 - RHEL 10 must not allow blank or null passwords.
Information
If an account has an empty password, anyone could log in and run commands with the privileges of that account. Accounts with empty passwords must never be used in operational environments.Solution
Configure RHEL 10 to prohibit the use of null passwords.If PAM is managed with "authselect", use the following command to remove instances of "nullok":
$ sudo authselect enable-feature without-nullok
Otherwise, remove any instances of the "nullok" option in the "/etc/pam.d/password-auth" and "/etc/pam.d/system-auth" files to prevent logins with empty passwords.
Note: Manual changes to the listed file may be overwritten by the "authselect" program.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_10_V1R1_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 10 STIG v1r1
Category: IDENTIFICATION AND AUTHENTICATION
References: 800-53|IA-5(1)(a), CAT|II, CCI|CCI-004066, Rule-ID|SV-281200r1166552_rule, STIG-ID|RHEL-10-600455, Vuln-ID|V-281200
Plugin: Unix
Control ID: f87c265d0382080eb5e21494c55aa91c981a2c41bc45876b6543047c3426da0d