
The system must enforce the entire password during authentication.


Overview

Finding ID: V-22302
Version: GEN000585
Rule ID: SV-38769r1_rule
IA Controls: IAIA-1, IAIA-2
Severity: Medium
Description
Some common password hashing schemes only process the first eight characters of a user's password, which reduces the effective strength of the password.
STIG: AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE
Date: 2018-09-18

Details

Check Text ( C-36696r1_chk )
Verify that no password hashes are present in the second (password) field of /etc/passwd:
# cat /etc/passwd | cut -f2,2 -d":"

If there are password hashes present, this is a finding.

Verify that no password hashes in /etc/security/passwd begin with characters other than {ssha256} or {ssha512}:

# cat /etc/security/passwd | grep password

If there are password hashes that do not begin with {ssha256} or {ssha512}, this is a finding.
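The two checks above as one script, added here as an example and not part of the STIG text. It runs against copies of the files (constructed samples are built in a temp directory so it works on any POSIX system) and assumes that "!", "*" and an empty second field are the AIX markers for "no hash stored in /etc/passwd", and that "*" or an empty value in /etc/security/passwd is a locked account rather than a hash.

```shell
#!/bin/sh
# Added example, not STIG text: automated GEN000585 check.
# check_gen000585 PASSWD SECPASSWD prints each offending line and
# returns 1 on a finding, 0 when compliant.
check_gen000585() {
    findings=0
    # 1. Field 2 of /etc/passwd must not carry a hash. A redirect (not a pipe)
    #    keeps the loop in this shell so $findings survives it.
    #    Assumption: "!", "*" and "" are the AIX no-hash-here markers.
    while IFS=: read -r user field2 _; do
        case $field2 in
            ''|'!'|'*') ;;
            *) echo "FINDING: hash in /etc/passwd field for $user"; findings=1 ;;
        esac
    done < "$1"
    # 2. Every "password = ..." value in /etc/security/passwd must start with
    #    {ssha256} or {ssha512}; legacy crypt or {smd5} values are findings.
    #    Assumption: "*" or an empty value is a locked account, not a hash.
    awk -F= '/^[ \t]*password[ \t]*=/ {
        v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (v != "" && v != "*" && v !~ /^[{]ssha(256|512)[}]/) {
            print "FINDING: non-SHA hash in " FILENAME ": " $0; bad++
        }
    } END { exit (bad ? 1 : 0) }' "$2" || findings=1
    return $findings
}

# Constructed sample files (not real system data); prints the temp dir path.
# The crypt-style value "abJnggxhB/yWI" is a made-up placeholder.
make_samples() {
    d=$(mktemp -d)
    printf 'root:!:0:0::/:/usr/bin/ksh\ndaemon:*:1:1::/etc:\n' > "$d/passwd_ok"
    printf 'root:!:0:0::/:/usr/bin/ksh\nbob:abJnggxhB/yWI:201:1::/home/bob:\n' > "$d/passwd_bad"
    printf 'root:\n\tpassword = {ssha256}06$example$hash\n\tlastupdate = 1537228800\n' > "$d/secpasswd_ok"
    printf 'root:\n\tpassword = {ssha512}06$example$hash\n\nbob:\n\tpassword = abJnggxhB/yWI\n' > "$d/secpasswd_bad"
    echo "$d"
}

# Demo on the constructed data (prints only; never exits, so the file can be sourced).
dir=$(make_samples)
if check_gen000585 "$dir/passwd_ok" "$dir/secpasswd_ok"; then echo "compliant sample: no finding"; fi
if ! check_gen000585 "$dir/passwd_bad" "$dir/secpasswd_bad"; then echo "non-compliant sample: finding"; fi
```

On a real AIX host run it as `check_gen000585 /etc/passwd /etc/security/passwd` with enough privilege to read the second file.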
Fix Text (F-33345r1_fix)
Configure the system to enforce the correctness of the entire password during authentication.

Configure the system to use SHA password hashing:
# chsec -f /etc/security/login.cfg -s usw -a pwd_algorithm=ssha256