The system must require passwords to contain no more than three consecutive repeating characters.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-11975 | GEN000680 | SV-38675r1_rule | IAIA-1 IAIA-2 | Medium |
| Description |
|---|
| To enforce the use of complex passwords, the number of consecutive repeating characters is limited. Passwords with excessive repeated characters may be more vulnerable to password-guessing attacks. |
| STIG | Date |
|---|---|
| AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE | 2018-09-18 |
Details
| Check Text ( C-36902r1_chk ) |
|---|
| Check the maxrepeats setting. Procedure: # grep -i maxrepeats /etc/security/user OR # lsuser -a maxrepeats ALL If the maxrepeats setting is greater than 3, this is a finding. |
| Fix Text (F-32056r1_fix) |
|---|
| Use the chsec command to set maxrepeats to 3. # chsec -f /etc/security/user -s default -a maxrepeats=3 # chuser maxrepeats=3 < user id > |