UCF STIG Viewer Logo

The system must require passwords contain a minimum of 15 characters.


Overview

Finding ID Version Rule ID IA Controls Severity
V-226457 GEN000580 SV-226457r603265_rule Medium
Description
The use of longer passwords reduces the ability of attackers to successfully obtain valid passwords using guessing or exhaustive search techniques by increasing the password search space.
STIG Date
Solaris 10 SPARC Security Technical Implementation Guide 2020-12-04

Details

Check Text ( C-28618r482747_chk )
Check the system password length setting.
# grep PASSLENGTH /etc/default/passwd
If PASSLENGTH is not set to 15 or more, this is a finding.
Fix Text (F-28606r482748_fix)
Edit /etc/default/passwd and set the PASSLENGTH variable to 15 or greater.