UCF STIG Viewer Logo

The delay between login prompts following a failed login attempt must be at least 4 seconds.


Overview

Finding ID Version Rule ID IA Controls Severity
V-768 GEN000480 SV-38839r1_rule ECLO-1 ECLO-2 Medium
Description
Enforcing a delay between successive failed login attempts increases protection against automated password guessing attacks.
STIG Date
AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE 2018-09-18

Details

Check Text ( C-37832r1_chk )
Check the logindelay parameter.
# more /etc/security/login.cfg
OR
#grep logindelay /etc/security/login.cfg | grep -v \*

Verify the value of the logindelay variable is 4 or more in each stanza. If the value of logindelay is not 4 or more, this is a finding.
Fix Text (F-33091r1_fix)
Use vi or the chsec command to change the login delay time period.

#chsec -f /etc/security/login.cfg -s default -a logindelay=4

OR

# vi /etc/security/login.cfg
Add logindelay = 4 to the default stanza.