Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system must disable accounts after three consecutive unsuccessful login attempts.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-766 | GEN000460 | SV-35267r1_rule | ECLO-1 ECLO-2 | Medium |
| Description |
|---|
| Disabling accounts after a limited number of unsuccessful login attempts improves protection against password guessing attacks. |
| STIG | Date |
|---|---|
| HP-UX 11.23 Security Technical Implementation Guide | 2012-05-25 |
Details
| Check Text ( C-35099r1_chk ) |
|---|
| Check the t_maxtries setting. # more /tcb/files/auth/system/default Look for the value of the u_maxtries variable in the file. This will give you the maximum number of tries before the system will lock the account. If this value is 0 or greater than 3, this is a finding. |
| Fix Text (F-30368r1_fix) |
|---|
| The vendor change tool supplied with the OS is SAM. # sam Then: Auditing and Security -> System Security Policies -> Terminal Security Policies. Select and change: "Maximum Unsuccessful Login Tries Allowed". |