1.2 Password Security Policy - e) Check for strong-password max-length - strong-password username-related-chk inverse

Information

Strong passwords are supported to prevent passwords from being cracked. When a password is set, its complexity is checked by default. If a password does not meet the policy, a warning is required. A strong password mode should be provided. The password verification mechanism is as follows:

a) The default password length shouldn't be below 8 characters.
b) The password must include three of 'number', 'capital', 'lowercase' and 'special-character', or the 'character-set-num' value must be set to 3-4.
c) Configure 'strong-password dictionary' and 'same-consecutive' to avoid weak passwords.
d) Check whether any of the following keywords exist in the configuration file:
- Encrypt none
- Authentication null
- Encrypted null
- Encryption null
- Security-protocol noauth
- Encrypted noauth
e) If 'strong-password max-length' is not displayed in the configuration, then pass this check.
If 'strong-password max-length' is displayed in the configuration but the max-length value is below 10, or the 'username-related-chk inverse' and 'strong-password date-check enable' commands are not both configured, then fail this check.
f) The validity period of an account can be configured.

Note: Either strong-password username-related-chk inverse or strong-password date-check enable has not been configured.
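
The pass/fail rule in item e) can be expressed as a small offline check over an exported configuration. This is an added example, not the Tenable plugin's or ZTE's code; the value syntax "strong-password max-length <n>", the sample configurations and the function name check_e are assumptions made for illustration.

```python
import re

# Constructed sample configurations, not captured from a device. The value
# syntax "strong-password max-length <n>" is an assumption.
NO_MAX_LENGTH = "system-user\n  strong-password username-related-chk inverse\n"
SHORT_MAX = ("system-user\n  strong-password max-length 8\n"
             "  strong-password username-related-chk inverse\n"
             "  strong-password date-check enable\n")
MISSING_DATE_CHECK = ("system-user\n  strong-password max-length 32\n"
                      "  strong-password username-related-chk inverse\n")
COMPLIANT = MISSING_DATE_CHECK + "  strong-password date-check enable\n"

MAX_LENGTH = re.compile(r"^[ \t]*strong-password[ \t]+max-length\b[ \t]*(\S*)", re.M)
REQUIRED = {
    "username-related-chk inverse": re.compile(
        r"^[ \t]*strong-password[ \t]+username-related-chk[ \t]+inverse[ \t]*$", re.M),
    "date-check enable": re.compile(
        r"^[ \t]*strong-password[ \t]+date-check[ \t]+enable[ \t]*$", re.M),
}


def check_e(config):
    """Return (passed, reason) for item e) applied to a configuration text."""
    match = MAX_LENGTH.search(config)
    if match is None:
        # Item e): no max-length line in the configuration means pass.
        return True, "strong-password max-length not present"
    value = match.group(1)
    # Assumption: a max-length line without a readable number counts as a fail.
    if not value.isdecimal():
        return False, "max-length value not readable"
    if int(value) < 10:
        return False, "max-length %s is below 10" % value
    # Both commands must be present; one alone is not enough.
    missing = [name for name, rx in REQUIRED.items() if not rx.search(config)]
    if missing:
        return False, "not configured: " + ", ".join(missing)
    return True, "max-length is 10 or more and both checks are configured"


if __name__ == "__main__":
    for label, text in [("no max-length", NO_MAX_LENGTH), ("short", SHORT_MAX),
                        ("missing date-check", MISSING_DATE_CHECK),
                        ("compliant", COMPLIANT)]:
        print(label, check_e(text))
```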

Solution

It is recommended that the password be unrelated to the username and date.

ZXR10# configure terminal
ZXR10 (config)# system-user
ZXR10 (config-system-user)# strong-password username-related-chk inverse

See Also

https://support.zte.com.cn/support/doccenter/DocumentProductHandBookDetail.aspx?sid=102&id=30768582&type=docfeedback

Item Details

Audit Name: Tenable ZTE ROSNG

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(a)

Plugin: ZTE_ROSNG

Control ID: bad510950566cc4bcb2c363f330b640b389247e3f4a52b6674fe9cf853e67c25