UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The /etc/passwd file must not contain password hashes.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22347 GEN001470 SV-38323r2_rule ECLP-1 Medium
Description
If password hashes are readable by non-administrators, the passwords are subject to attack through lookup tables or cryptographic weaknesses in the hashes.
STIG Date
HP-UX SMSE Security Technical Implementation Guide 2014-02-28

Details

Check Text ( C-36358r2_chk )
Verify no password hashes are present in /etc/passwd.
# cat /etc/passwd | cut -f 2,2 -d “:”

If any password hashes are returned, this is a finding.
Fix Text (F-31694r2_fix)
Migrate /etc/passwd password hashes.

For Trusted Mode:
Use the System Administration Manager (SAM) or the System Management Homepage (SMH) to migrate from a non-SMSE Standard Mode to Trusted Mode.

For SMSE Mode:
Use the following command to create the shadow file. The command will then copy all encrypted passwords into the shadow file and replace the passwd file password entries with an “x”.
# pwconv