UCF STIG Viewer Logo

The system must require passwords to contain no more than three consecutive repeating characters.


Overview

Finding ID Version Rule ID IA Controls Severity
V-226464 GEN000680 SV-226464r603265_rule Medium
Description
To enforce the use of complex passwords, the number of consecutive repeating characters is limited. Passwords with excessive repeated characters may be more vulnerable to password-guessing attacks.
STIG Date
Solaris 10 SPARC Security Technical Implementation Guide 2020-12-04

Details

Check Text ( C-28625r482768_chk )
Check the MAXREPEATS setting.
# grep MAXREPEATS /etc/default/passwd
If the MAXREPEATS setting is greater than 3, this is a finding.
Fix Text (F-28613r482769_fix)
Edit /etc/default/passwd and set MAXREPEATS to 3.