UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must disable accounts after three consecutive unsuccessful login attempts.


Overview

Finding ID Version Rule ID IA Controls Severity
V-766 GEN000460 SV-38445r2_rule ECLO-1 ECLO-2 Medium
Description
Disabling accounts after a limited number of unsuccessful login attempts improves protection against password guessing attacks.
STIG Date
HP-UX 11.31 Security Technical Implementation Guide 2015-12-02

Details

Check Text ( None )
None
Fix Text (F-31506r2_fix)
For Trusted Mode:
Use the SAM/SMH interface or edit the /tcb/files/auth/system/default file and update the u_maxtries attribute. See the below example:
:u_maxtries#3:

If manually editing the file, save any change(s) before exiting the editor.

For SMSE:
Note: There may be additional package/bundle updates that must be installed to support attributes in the /etc/default/security file.

Use the SAM/SMH interface (/etc/default/security file) and/or the userdbset command (/var/adm/userdb/* files) to update the attribute. See the below example:
AUTH_MAXTRIES=2

Note: Never use a text editor to modify any /var/adm/userdb database file. The database contains checksums and other binary data, and editors (vi included) do not follow the file locking conventions that are used to control access to the database.

If manually editing the /etc/default/security file, save any change(s) before exiting the editor.