UCF STIG Viewer Logo

The system must require passwords to contain no more than three consecutive repeating characters.


Overview

Finding ID Version Rule ID IA Controls Severity
V-11975 GEN000680 SV-27126r1_rule IAIA-1 IAIA-2 Medium
Description
To enforce the use of complex passwords, the number of consecutive repeating characters is limited. Passwords with excessive repeated characters may be more vulnerable to password-guessing attacks.
STIG Date
Solaris 10 SPARC Security Technical Implementation Guide 2014-04-04

Details

Check Text ( C-28044r1_chk )
Check the MAXREPEATS setting.
# grep MAXREPEATS /etc/default/passwd
If the MAXREPEATS setting is greater than 3, this is a finding.
Fix Text (F-24393r1_fix)
Edit /etc/default/passwd and set MAXREPEATS to 3.