For local accounts using password authentication (i.e., the root account and the account of last resort), the Juniper SRX Services Gateway must enforce password complexity by setting the password change type to character sets.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-223218	JUSX-DM-000129	SV-223218r997577_rule		Medium

Description
Use of a complex passwords helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. The password change-type command specifies whether a minimum number of character-sets or a minimum number of character-set transitions are enforced. The DOD requires this setting be set to character-sets.

Description

Use of a complex passwords helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. The password change-type command specifies whether a minimum number of character-sets or a minimum number of character-set transitions are enforced. The DOD requires this setting be set to character-sets.

STIG	Date
Juniper SRX SG NDM Security Technical Implementation Guide	2024-06-10

Details

Check Text ( C-24891r997575_chk )
Verify the default local password enforces password complexity by setting the password change type to character sets. [edit] show system login password If the password change-type is not set to character-sets, this is a finding.

Fix Text (F-24879r997576_fix)
Configure the default local password to enforce password complexity by setting the password change type to character sets. [edit] set system login password change-type character-sets