
The system must enforce the correctness of the entire password during authentication.


Overview

Finding ID: V-22302
Version: GEN000585
Rule ID: SV-38769r1_rule
IA Controls: IAIA-1, IAIA-2
Severity: Medium
Description
Some common password hashing schemes only process the first eight characters of a user's password, which reduces the effective strength of the password.
STIG: Draft AIX Security Technical Implementation Guide
Date: 2011-08-17

Details

Check Text ( C-36696r1_chk )
Verify that no password hashes are present in /etc/passwd.
# cat /etc/passwd | cut -f2,2 -d":"
If there are password hashes present, this is a finding.

Verify that no password hash in the /etc/security/passwd file begins with characters other than {ssha256} or {ssha512}.

# cat /etc/security/passwd | grep password
If there are password hashes that do not begin with {ssha256} or {ssha512}, this is a finding.
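The two-part check above, automated as an added example that is not part of the STIG text: it counts stray hashes in the /etc/passwd password field and untagged hashes in /etc/security/passwd, taking file paths as parameters so it runs against the constructed sample files built inside the script (the hash strings there are placeholders). The "*" and "!" lock markers are treated as placeholders rather than hashes, which is an assumption of this example.

```shell
#!/bin/sh
# Added example (not STIG text): automates check C-36696r1_chk. File paths
# are parameters so it runs on the constructed samples below; on a live AIX
# host pass /etc/passwd and /etc/security/passwd.

# Count /etc/passwd entries whose password field holds anything other than the
# "!" or "*" placeholder AIX uses when the hash lives in /etc/security/passwd.
passwd_hash_count() {
    awk -F: 'NF >= 2 && $2 != "" && $2 != "!" && $2 != "*" { n++ } END { print n + 0 }' "$1"
}

# Count "password =" lines in /etc/security/passwd holding a real hash (not a
# "*" or "!" lock marker) that lacks the {ssha256} or {ssha512} tag AIX writes
# in braces in front of the hash.
weak_hash_count() {
    awk '$1 == "password" && $2 == "=" && $3 != "*" && $3 != "!" &&
         $3 !~ /^[{]ssha(256|512)[}]/ { n++ } END { print n + 0 }' "$1"
}

# Exit status 0 when neither part of the check yields a finding, else 1.
gen000585_check() {
    [ "$(passwd_hash_count "$1")" -eq 0 ] && [ "$(weak_hash_count "$2")" -eq 0 ]
}

# Constructed samples; the hash strings are placeholders, not real hashes.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd_bad" <<'EOF'
root:!:0:0::/:/usr/bin/ksh
legacy:ab5hG1kLm2nOp:300:1::/home/legacy:/usr/bin/ksh
EOF
cat > "$SAMPLE_DIR/passwd_good" <<'EOF'
root:!:0:0::/:/usr/bin/ksh
legacy:!:300:1::/home/legacy:/usr/bin/ksh
EOF
cat > "$SAMPLE_DIR/secpasswd_bad" <<'EOF'
root:
        password = {ssha256}06$PLACEHOLDERSALT$PLACEHOLDERHASH
legacy:
        password = ab5hG1kLm2nOp
nobody:
        password = *
EOF
cat > "$SAMPLE_DIR/secpasswd_good" <<'EOF'
root:
        password = {ssha512}06$PLACEHOLDERSALT$PLACEHOLDERHASH
legacy:
        password = {ssha256}06$PLACEHOLDERSALT$PLACEHOLDERHASH
EOF
if gen000585_check "$SAMPLE_DIR/passwd_bad" "$SAMPLE_DIR/secpasswd_bad"; then
    echo "GEN000585: no finding"; else echo "GEN000585: finding"; fi
```

Note that changing pwd_algorithm only affects hashes written after the change; accounts still carrying a legacy hash keep showing up in the second count until their passwords are reset.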
Fix Text (F-33345r1_fix)
Configure the system to enforce the correctness of the entire password during authentication.

Configure the system to use SHA password hashing:
# chsec -f /etc/security/login.cfg -s usw -a pwd_algorithm=ssha256