UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must require passwords to contain no more than three consecutive repeating characters.


Overview

Finding ID Version Rule ID IA Controls Severity
V-50995 OL6-00-000299 SV-65201r1_rule Low
Description
Passwords with excessive repeating characters may be more vulnerable to password-guessing attacks.
STIG Date
Oracle Linux 6 Security Technical Implementation Guide 2014-06-12

Details

Check Text ( C-53441r1_chk )
To check the maximum value for consecutive repeating characters, run the following command:

$ grep pam_cracklib /etc/pam.d/system-auth

Look for the value of the "maxrepeat" parameter. The DoD requirement is 3.

If maxrepeat is not found or not set to the required value, this is a finding.
Fix Text (F-55801r2_fix)
The pam_cracklib module's "maxrepeat" parameter controls requirements for consecutive repeating characters.

Edit the "/etc/pam.d/system-auth" file to include the following line prior to the "password include system-auth-ac" line:

password required pam_cracklib.so maxrepeat=3