PHTN-40-000184 The Photon operating system must prevent the use of dictionary words for passwords.

Information

If the operating system allows the user to select passwords based on dictionary words, then this increases the chances of password compromise by increasing the opportunity for successful guesses and brute-force attacks.

Solution

Navigate to and open:

/etc/pam.d/system-password

Configure the pam_pwquality.so line to have the "dictcheck" option set to "1" as follows:

password requisite pam_pwquality.so dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minlen=15 difok=8 enforce_for_root dictcheck=1

Note: On vCenter appliances, the equivalent file must be edited under "/etc/applmgmt/appliance", if one exists, for the changes to persist after a reboot.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_8-0_Y24M08_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-258853r991587_rule, STIG-ID|PHTN-40-000184, Vuln-ID|V-258853

Plugin: Unix

Control ID: e38fdd4cdd5f9cef89b9f63301dd202a419f1dad25551a2a31b4b8a1e8bd288a