Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22347 | GEN001470 | SV-38323r2_rule | ECLP-1 | Medium |
Description |
---|
If password hashes are readable by non-administrators, the passwords are subject to attack through lookup tables or cryptographic weaknesses in the hashes. |
STIG | Date |
---|---|
HP-UX 11.23 Security Technical Implementation Guide | 2015-06-12 |
Check Text (C-36358r2_chk) |
---|
Verify no password hashes are present in /etc/passwd. # cat /etc/passwd | cut -f 2,2 -d ":" If any password hashes are returned, this is a finding. |
Fix Text (F-31694r2_fix) |
---|
Migrate /etc/passwd password hashes. For Trusted Mode: Use the System Administration Manager (SAM) or the System Management Homepage (SMH) to migrate from a non-SMSE Standard Mode to Trusted Mode. For SMSE Mode: Use the following command to create the shadow file. The command will then copy all encrypted passwords into the shadow file and replace the passwd file password entries with an “x”. # pwconv |
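
The check above relies on reading the second field by eye. As an added example (not part of the STIG text), the script below lists the accounts whose field actually holds a hash, so it can be run before and after `pwconv`. It assumes that `x`, `*` and an empty field are placeholders, and that a hash is either a 13-character traditional crypt(3) string or a `$id$...` string, optionally followed by `,aging` data; the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts whose passwd-format password field holds a hash.
# Assumption: "x" (written by pwconv), "*" and an empty field are not hashes.

find_passwd_hashes() {
    # $1: path to a passwd-format file (defaults to /etc/passwd)
    awk -F: '
        NF < 2 { next }                   # skip blank or malformed lines
        {
            h = $2
            sub(/,.*/, "", h)             # drop a password-aging suffix, if any
            # "$id$..." modular format, or 13 characters of the crypt alphabet
            if (h ~ /^\$/ || (length(h) == 13 && h ~ /^[.\/0-9A-Za-z]+$/))
                print $1
        }
    ' "${1:-/etc/passwd}"
}

# Report findings for one file; returns non-zero when any hash is present.
audit_passwd() {
    findings=$(find_passwd_hashes "$1")
    if [ -z "$findings" ]; then
        echo "No password hashes in ${1:-/etc/passwd}"
        return 0
    fi
    echo "FINDING: password hashes present for:"
    echo "$findings"
    return 1
}

# Constructed sample data, not taken from a real system.
write_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:3::/:/sbin/sh
daemon:*:1:5::/:/sbin/sh
alice:Zz9ConstrHash:101:20:Alice:/home/alice:/usr/bin/sh
bob:Zz9ConstrHash,2.:102:20:Bob:/home/bob:/usr/bin/sh
carol:$6$c0nstructed$NotARealHashValue:103:20::/home/carol:/usr/bin/sh
dave::104:20::/home/dave:/usr/bin/sh
EOF
}

# Usage: sh script.sh --audit [file]
if [ "${1:-}" = "--audit" ]; then audit_passwd "${2:-}"; fi
```

The empty field for `dave` is not reported here because it is not a hash; an account with no password is a separate condition from the one this check covers.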