UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The delay between login prompts following a failed login attempt must be at least 4 seconds.


Overview

Finding ID Version Rule ID IA Controls Severity
V-768 GEN000480 SV-38839r1_rule ECLO-1 ECLO-2 Medium
Description
Enforcing a delay between successive failed login attempts increases protection against automated password guessing attacks.
STIG Date
Draft AIX Security Technical Implementation Guide 2011-08-17

Details

Check Text ( C-37832r1_chk )
Check the logindelay parameter.
# more /etc/security/login.cfg
OR
#grep logindelay /etc/security/login.cfg | grep –v \*

Verify the value of the logindelay variable is four or more in each stanza. If the value of logindelay is not four or more, this is a finding.
Fix Text (F-33091r1_fix)
Use vi or the chsec command to change the login delay time period.

#chsec –f /etc/security/login.cfg –s default –a logindelay=4

OR

# vi /etc/security/login.cfg
Add logindelay = 4 to the default stanza.