UCF STIG Viewer Logo

The system must require passwords to contain no more than three consecutive repeating characters.


Overview

Finding ID Version Rule ID IA Controls Severity
V-227590 GEN000680 SV-227590r603266_rule Medium
Description
To enforce the use of complex passwords, the number of consecutive repeating characters is limited. Passwords with excessive repeated characters may be more vulnerable to password-guessing attacks.
STIG Date
Solaris 10 X86 Security Technical Implementation Guide 2020-12-04

Details

Check Text ( C-29752r488318_chk )
Check the MAXREPEATS setting.
# grep MAXREPEATS /etc/default/passwd
If the MAXREPEATS setting is greater than 3, this is a finding.
Fix Text (F-29740r488319_fix)
Edit /etc/default/passwd and set MAXREPEATS to 3.