UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must disable accounts after three consecutive unsuccessful login attempts.


Overview

Finding ID Version Rule ID IA Controls Severity
V-766 GEN000460 SV-38671r1_rule ECLO-1 ECLO-2 Medium
Description
Disabling accounts after a limited number of unsuccessful login attempts improves protection against password guessing attacks.
STIG Date
AIX 5.3 Security Technical Implementation Guide 2012-05-25

Details

Check Text ( C-36678r1_chk )
# /usr/sbin/lsuser -a loginretries ALL | more
Check all active accounts on the system for the maximum number of tries before the system will lock the account. If a user has values set to 0 or greater then 3, this is a finding.
Fix Text (F-31633r1_fix)
Use the chsec command to configure the number of unsuccessful logins resulting in account lockout.

# chsec -f /etc/security/user -s default -a loginretries=3
# chsec -f /etc/security/user -s -a loginretries=3