UCF STIG Viewer Logo

The operating system must not allow an unattended or automatic logon to the system.


Overview

Finding ID Version Rule ID IA Controls Severity
V-59703 AOSX-10-000925 SV-74133r2_rule Medium
Description
When automatic logins are enabled, the default user account is automatically logged in at boot time without prompting the user for a password. Even if the screen is later locked, a malicious user would be able to reboot the computer in order to log in. Disabling automatic logins mitigates this risk.
STIG Date
Apple OS X 10.10 (Yosemite) Workstation Security Technical Implementation Guide 2017-04-06

Details

Check Text ( C-60473r1_chk )
To check if the system if configured to automatically log in, run the following command:

system_profiler SPConfigurationProfileDataType | grep DisableAutoLoginClient

If 'com.apple.login.mcx.DisableAutoLoginClient' is not set to '1', this is a finding.
Fix Text (F-65113r2_fix)
This setting is enforced using the "Login Window Policy" configuration profile.