The system must require passwords contain no more than three consecutive repeating characters.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-11975 | GEN000680 | SV-38210r1_rule | IAIA-1 IAIA-2 | Medium |
| Description |
|---|
| To enforce the use of complex passwords, the number of consecutive repeating characters is limited. Passwords with excessive repeated characters may be more vulnerable to password-guessing attacks. |
| STIG | Date |
|---|---|
| HP-UX 11.23 Security Technical Implementation Guide | 2015-12-02 |
Details
| Check Text ( C-36287r1_chk ) |
|---|
| HP-UX does not currently support enforcement of non-repeating characters; this is always considered a finding. |
| Fix Text (F-31544r1_fix) |
|---|
| Configure/modify the system policy to require passwords not contain more than three consecutive repeating characters. |