Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22302 | GEN000585 | SV-38769r1_rule | IAIA-1 IAIA-2 | Medium |
Description |
---|
Some common password hashing schemes only process the first eight characters of a user's password, which reduces the effective strength of the password. |
STIG | Date |
---|---|
AIX 5.3 Security Technical Implementation Guide | 2012-05-25 |
Check Text ( C-36696r1_chk ) |
---|
Verify there are no password hashes in /etc/passwd. `# cat /etc/passwd | cut -f2,2 -d":"` If there are password hashes present, this is a finding. Verify that no password hashes in the /etc/security/passwd file begin with characters other than {ssha256} or {ssha512}. `# cat /etc/security/passwd | grep password` If there are password hashes that do not begin with {ssha256} or {ssha512}, this is a finding. |
Fix Text (F-33345r1_fix) |
---|
Configure the system to enforce the correctness of the entire password during authentication. Configure the system to use SHA password hashing. `# chsec -f /etc/security/login.cfg -s usw -a pwd_algorithm=ssha256` |
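
The two Check Text steps above as a script that prints only the offending account names, so the hashes themselves never reach the terminal. This is an added example, not part of the STIG. The function names, the sample files, and the treatment of `!`, `*` and empty values as "no hash stored" are assumptions made for it.

```shell
#!/bin/sh
# Added example for GEN000585. File paths are arguments, so the audit can run
# against copies of the files; the data in write_samples is constructed.

# List accounts whose second /etc/passwd field holds anything other than
# "!", "*" or an empty string (assumed here to be the only non-hash values).
passwd_hash_users() {
    awk -F: '$2 != "!" && $2 != "*" && $2 != "" { print $1 }' "$1"
}

# List accounts in an /etc/security/passwd stanza file whose "password = ..."
# value is a hash that does not start with {ssha256} or {ssha512}.
# Empty and "*" values are assumed to mean that no hash is stored.
weak_hash_users() {
    awk '
        /^\*/ { next }                                   # stanza-file comment
        /^[^ \t].*:[ \t]*$/ { user = $1; sub(/:$/, "", user); next }
        $1 == "password" && $2 == "=" && $3 != "" && $3 != "*" {
            if (index($3, "{ssha256}") != 1 && index($3, "{ssha512}") != 1)
                print user
        }' "$1"
}

# Return 1 (a finding) if either check reports an account, 0 otherwise.
gen000585_audit() {
    bad=$(passwd_hash_users "$1"; weak_hash_users "$2")
    if [ -z "$bad" ]; then return 0; fi
    printf 'finding: %s\n' $bad
    return 1
}

# Constructed samples: bob has a hash in passwd, alice a non-ssha hash.
write_samples() {
    printf '%s\n' 'root:!:0:0::/:/usr/bin/ksh' \
        'bob:aB3dEfGh1JkLm:205:1::/home/bob:/usr/bin/ksh' \
        'alice:!:206:1::/home/alice:/usr/bin/ksh' > "$1/passwd"
    printf '%s\n' '* constructed sample' 'root:' \
        '    password = {ssha256}06$CONSTRUCTEDSALT$CONSTRUCTEDHASH' \
        '    lastupdate = 1337904000' '' 'alice:' \
        '    password = Zx9yWv8uTs7rQ' '' 'carol:' \
        '    password = {ssha512}06$CONSTRUCTEDSALT$CONSTRUCTEDHASH' '' 'dave:' \
        '    password = *' > "$1/security_passwd"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
gen000585_audit "$demo_dir/passwd" "$demo_dir/security_passwd" || true
rm -rf "$demo_dir"
```

Accounts reported by `weak_hash_users` keep their old hash after the `pwd_algorithm` change in the Fix Text until their password is next set, so rerun the audit after those passwords have been changed.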