UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The delay between login prompts following a failed login attempt must be at least 4 seconds.


Overview

Finding ID Version Rule ID IA Controls Severity
V-220075 GEN000480 SV-220075r854458_rule Medium
Description
Enforcing a delay between successive failed login attempts increases protection against automated password guessing attacks.
STIG Date
Solaris 10 X86 Security Technical Implementation Guide 2022-09-07

Details

Check Text ( C-21784r488279_chk )
Check the SLEEPTIME parameter in the /etc/default/login file.

# grep SLEEPTIME /etc/default/login

If SLEEPTIME is not listed, commented out, or less than 4, this is a finding.
Fix Text (F-21783r488280_fix)
Edit the /etc/default/login file and set SLEEPTIME to 4.