UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The delay between login prompts following a failed login attempt must be at least 4 seconds.


Overview

Finding ID Version Rule ID IA Controls Severity
V-768 GEN000480 SV-27094r1_rule ECLO-1 ECLO-2 Medium
Description
Enforcing a delay between successive failed login attempts increases protection against automated password guessing attacks.
STIG Date
Solaris 10 SPARC Security Technical Implementation Guide 2013-04-09

Details

Check Text ( C-28006r1_chk )
Check the SLEEPTIME parameter in the /etc/default/login file.

# grep SLEEPTIME /etc/default/login

If SLEEPTIME is not listed, commented out, or less than 4, this is a finding.
Fix Text (F-24360r1_fix)
Edit the /etc/default/login file and set SLEEPTIME to 4.