UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

AIX must require passwords to contain no more than three consecutive repeating characters.


Overview

Finding ID Version Rule ID IA Controls Severity
V-215232 AIX7-00-001136 SV-215232r508663_rule Medium
Description
Passwords with excessive repeating characters may be more vulnerable to password-guessing attacks.
STIG Date
IBM AIX 7.x Security Technical Implementation Guide 2021-03-10

Details

Check Text ( C-16430r294147_chk )
Check system default for "maxrepeats" attribute:
# lssec -f /etc/security/user -s default -a maxrepeats
default maxrepeats=3

If the default "maxrepeats" is greater than "3", or its value is not set, or its value is set to "0", this is a finding.

Check the "maxrepeats" setting for all users using:
# lsuser -a maxrepeats ALL

The above command should yield the following output:
root maxrepeats=3
daemon maxrepeats=3
bin maxrepeats=3
sys maxrepeats=3

If the "maxrepeats" setting for any user is greater than "3", or its value is set to "0", this is a finding.
Fix Text (F-16428r294148_fix)
Use the "chsec" command to set "maxrepeats" to "3" for the default stanza:
# chsec -f /etc/security/user -s default -a maxrepeats=3

Use the "chsec" command to set "maxrepeats" to "3" for all the users who have "maxrepeats" values that are greater than "3", or its value is set to "0":
# chuser maxrepeats=3 [user_name]