The login window must be configured to prompt for username and password, rather than show a list of users.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-58405 | AOSX-09-000930 | SV-72835r1_rule | Medium |
| Description |
|---|
| The login window must be configured to prompt all users for both a username and a password. By default, the system displays a list of known users at the login screen. This gives an advantage to an attacker with physical access to the system, as the attacker would only have to guess the password for one of the listed accounts. |
| STIG | Date |
|---|---|
| Apple OS X 10.9 (Mavericks) Workstation Security Technical Implementation Guide | 2017-01-05 |
Details
| Check Text ( C-59231r1_chk ) |
|---|
| To check if the login window is configured to prompt for user name and password, run the following command: system_profiler SPConfigurationProfileDataType | grep SHOWFULLNAME If there is no result, or SHOWFULLNAME is not set to '1', this is a finding. |
| Fix Text (F-63719r1_fix) |
|---|
| This setting is enforced using a configuration profile. |