UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must not have accounts configured with blank or null passwords.


Overview

Finding ID Version Rule ID IA Controls Severity
V-47999 SOL-11.1-040120 SV-60871r1_rule Medium
Description
Complex passwords can reduce the likelihood of success of automated password-guessing attacks.
STIG Date
Solaris 11 SPARC Security Technical Implementation Guide 2015-06-26

Details

Check Text ( C-50435r1_chk )
The root role is required.

Determine if accounts with blank or null passwords exist.

# logins -po

If any account is listed, this is a finding.
Fix Text (F-51611r1_fix)
The root role is required.

Remove, lock, or configure a password for any account with a blank password.

# passwd [username]
or
Use the passwd -l command to lock accounts that are not permitted to execute commands.
or
Use the passwd -N command to set accounts to be non-login.