The system must require passwords to contain no more than three consecutive repeating characters.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-11975 | GEN000680 | SV-38675r1_rule | IAIA-1 IAIA-2 | Medium |
| Description |
|---|
| To enforce the use of complex passwords, the number of consecutive repeating characters is limited. Passwords with excessive repeated characters may be more vulnerable to password-guessing attacks. |
| STIG | Date |
|---|---|
| Draft AIX Security Technical Implementation Guide | 2011-08-17 |
Details
| Check Text ( C-36902r1_chk ) |
|---|
| Check the maxrepeats setting. Procedure: # grep -i maxrepeats /etc/security/user #lsuser –a maxrepeats ALL If the maxrepeats setting is greater than 3, this is a finding. |
| Fix Text (F-32056r1_fix) |
|---|
| Use the chsec command to set maxrepeats to 3. #chsec –f /etc/security/user –s default –a maxrepeats=3 |