UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22303 GEN000590 SV-38938r1_rule DCNR-1 IAIA-1 IAIA-2 Medium
Description
Systems must employ cryptographic hashes for passwords using the SHA-2 family of algorithms or FIPS 140-2 approved successors. The use of unapproved algorithms may result in weak password hashes that are more vulnerable to compromise.
STIG Date
AIX 5.3 Security Technical Implementation Guide 2013-03-26

Details

Check Text ( C-40623r1_chk )
Determine if the system creates password hashes using a FIPS 140-2 approved cryptographic hashing algorithm by verifying the value of pwd_algorithm in /etc/security/login.cfg.
# grep pwd_algorithm /etc/security/login.cfg
If the system is not configured to generate password hashes using a FIPS 140-2 approved algorithm, such as SHA256 or a successor, this is a finding.
Fix Text (F-32002r1_fix)
Configure the system to use a FIPS 140-2 approved cryptographic hash algorithm for creating password hashes.

# chsec -f /etc/security/login.cfg -s usw -a pwd_algorithm=ssha256