UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Nutanix AOS must prevent the use of dictionary words for passwords.


Overview

Finding ID Version Rule ID IA Controls Severity
V-254192 NUTX-OS-001050 SV-254192r846664_rule Medium
Description
If the operating system allows the user to select passwords based on dictionary words, then this increases the chances of password compromise by increasing the opportunity for successful guesses and brute-force attacks.
STIG Date
Nutanix AOS 5.20.x OS Security Technical Implementation Guide 2022-08-24

Details

Check Text ( C-57677r846662_chk )
Confirm Nutanix AOS prevents the use of dictionary words for passwords.

Check the /etc/pam.d/password-auth file for pam_pwquality.so

$ sudo grep pwquality.so /etc/pam.d/password-auth
password requisite pam_pwquality.so try_first_pass local_users_only enforce_for_root retry=3 authtok_type=

If the output does not contain "pam_pwquality.so" with the option of "required" or "requisite", this is a finding.
Fix Text (F-57628r846663_fix)
Configure Nutanix AOS to enforce the use of pam_pwquality.so by running the following command.

$ sudo salt-call state.sls security/CVM/pamCVM