
The AIX SSH daemon must be configured to disable empty passwords.


Overview

Finding ID: V-91743
Version: AIX7-00-002120
Rule ID: SV-101841r1_rule
IA Controls: (none listed)
Severity: Medium
Description
When password authentication is allowed, PermitEmptyPasswords specifies whether the server allows login to accounts with empty password strings. If an account has an empty password, anyone could log in and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments.
STIG: IBM AIX 7.x Security Technical Implementation Guide
Date: 2020-02-24

Details

Check Text ( C-90897r3_chk )
Check the SSH daemon configuration for allowed empty passwords using the command:

# grep -i PermitEmptyPasswords /etc/ssh/sshd_config | grep -v '^#'
PermitEmptyPasswords no

If no lines are returned, or the returned "PermitEmptyPasswords" directive contains "yes", this is a finding.
Fix Text (F-97941r1_fix)
Edit "/etc/ssh/sshd_config" and add or edit the "PermitEmptyPasswords" line as:
PermitEmptyPasswords no

Save the change and restart the SSH daemon:
# stopsrc -s sshd
# startsrc -s sshd
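The check above can be scripted so that the same three outcomes the STIG describes (compliant, directive set to "yes", no active directive) are evaluated mechanically. The following is an added example, not part of the STIG text; it runs against constructed sample files rather than a live /etc/ssh/sshd_config, and it assumes sshd's usual behaviour of honouring the first global occurrence of a directive, so it stops scanning at the first "Match" block.

```shell
#!/bin/sh
# Added example (not from the STIG page): evaluate the PermitEmptyPasswords
# check against an sshd_config file. A finding is either no active directive
# at all or an active directive whose value is not "no". Commented-out lines
# are ignored, matching the page's "grep -v '^#'".
# Assumption: sshd applies the first global occurrence of a directive, so
# scanning stops when a "Match" block begins.

# Usage: permit_empty_passwords_status FILE
# Prints "compliant" or "finding"; exit status 0 = compliant, 1 = finding.
permit_empty_passwords_status() {
    value=$(awk '
        tolower($1) == "match" { exit }                      # end of global section
        tolower($1) == "permitemptypasswords" { print tolower($2); exit }
    ' "$1")
    if [ "$value" = "no" ]; then
        echo "compliant"; return 0
    fi
    echo "finding"; return 1
}

# Constructed sample configurations (not taken from any real host).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf 'Port 22\nPermitEmptyPasswords no\n' > "$SAMPLE_DIR/ok.conf"
printf 'PermitEmptyPasswords yes\n' > "$SAMPLE_DIR/yes.conf"
printf '#PermitEmptyPasswords no\nPort 22\n' > "$SAMPLE_DIR/commented.conf"
printf 'Match User backup\n    PermitEmptyPasswords no\n' > "$SAMPLE_DIR/match_only.conf"

for f in ok yes commented match_only; do
    printf '%s: ' "$f"
    permit_empty_passwords_status "$SAMPLE_DIR/$f.conf" || true
done
```

Only the first sample is compliant; the "commented" and "match_only" cases show why the STIG treats an absent global directive as a finding even though the directive text is present in the file.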