Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-11975 | GEN000680 | SV-38675r1_rule | IAIA-1 IAIA-2 | Medium |
Description |
---|
To enforce the use of complex passwords, the number of consecutive repeating characters is limited. Passwords with excessive repeated characters may be more vulnerable to password-guessing attacks. |
STIG | Date |
---|---|
AIX 5.3 Security Technical Implementation Guide | 2012-05-25 |
Check Text ( C-36902r1_chk ) |
---|
Check the maxrepeats setting. Procedure: # grep -i maxrepeats /etc/security/user OR # lsuser -a maxrepeats ALL If the maxrepeats setting is greater than 3, this is a finding. |
Fix Text (F-32056r1_fix) |
---|
Use the chsec command to set maxrepeats to 3. # chsec -f /etc/security/user -s default -a maxrepeats=3 # chuser maxrepeats=3 < user id > |