The delay between login prompts following a failed login attempt must be at least 4 seconds.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-768 | GEN000480 | SV-38446r3_rule | Medium |
| Description |
|---|
| Enforcing a delay between consecutive failed login attempts increases protection against automated password guessing attacks. |
| STIG | Date |
|---|---|
| HP-UX 11.31 Security Technical Implementation Guide | 2017-01-27 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-31507r2_fix) |
|---|
| For Trusted Mode: Use the SAM/SMH interface to ensure that the t_logdelay setting is 4. For SMSE: There is no fix, however, there are attack mitigations to minimize risk (see mitigations). |