Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system must prohibit the reuse of passwords within five iterations.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-4084 | GEN000800 | SV-38417r1_rule | IAIA-1 IAIA-2 | Medium |
| Description |
|---|
| If a user, or root, used the same password continuously or was allowed to change it back shortly after being forced to change it, this would provide a potential intruder with the opportunity to keep guessing at one user's password until it was guessed correctly. |
| STIG | Date |
|---|---|
| HP-UX 11.31 Security Technical Implementation Guide | 2012-05-25 |
Details
| Check Text ( C-36283r1_chk ) |
|---|
| Check the PASSWORD_HISTORY_DEPTH setting. Procedure: # cat /etc/default/security | grep PASSWORD_HISTORY_DEPTH If PASSWORD_HISTORY_DEPTH is not set to 5 or more, this is a finding. |
| Fix Text (F-31540r1_fix) |
|---|
| Edit /etc/default/security and set PASSWORD_HISTORY_DEPTH to 5. |