Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system must be configured to not show password hints.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-25305 | OSX00325 M6 | SV-37226r1_rule | IAAC-1 | High |
| Description |
|---|
| Providing information in the password hint field could compromise the integrity of the password. Showing password hint could allow someone shoulder surfing to gain information leading to unauthorized access to the system. |
| STIG | Date |
|---|---|
| MAC OSX 10.6 Workstation Security Technical Implementation Guide | 2013-04-09 |
Details
| Check Text ( C-35916r1_chk ) |
|---|
| 1. Open System Preferences->Accounts Panel. 2. Select Login Options. 3. Ensure the "Show password hints" is not checked. If the option is checked, this is a finding. |
| Fix Text (F-31173r1_fix) |
|---|
| 1. Open System Preferences->Accounts Panel. 2. Select Login Options. 3. Deselect "Show password hints" to disable this option. |