Detections
Analytics
SLEM-05-611040 - SLEM 5 must require the change of at least eight of the total number of characters when passwords are changed.
Information
If SLEM 5 allows the user to consecutively reuse extensive portions of passwords, this increases the chances of password compromise by increasing the window of opportunity for attempts at guessing and brute-force attacks.Solution
Configure SLEM 5 to require at least eight characters be changed between the old and new passwords during a password change with the following command:Edit "/etc/pam.d/common-password" and edit the line containing "pam_cracklib.so" to contain the option "difok=8" after the third column.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SLEM_5_V1R4_STIG.zip
Item Details
Category: IDENTIFICATION AND AUTHENTICATION
References: 800-53|IA-5(1)(b), CAT|II, CCI|CCI-000195, Rule-ID|SV-261383r996580_rule, STIG-ID|SLEM-05-611040, Vuln-ID|V-261383
Plugin: Unix
Control ID: 9e729037f2fcd268e6aa2b6d4b6c43e83247dbac1634e6128f93c65b1ea09873