UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Systems must employ cryptographic hashes for passwords using the SHA-2 family of algorithms or FIPS 140-2 approved successors.


Overview

Finding ID Version Rule ID IA Controls Severity
V-48243 SOL-11.1-040130 SV-61115r2_rule Medium
Description
Cryptographic hashes provide quick password authentication while not actually storing the password.
STIG Date
Solaris 11 SPARC Security Technical Implementation Guide 2018-04-10

Details

Check Text ( C-50675r2_chk )
Determine which cryptographic algorithms are configured.

# grep ^CRYPT /etc/security/policy.conf

If the command output does not include the lines:

CRYPT_DEFAULT=5
CRYPT_ALGORITHMS_ALLOW=5,6

this is a finding.
Fix Text (F-51851r1_fix)
The root role is required.

Configure the system to disallow the use of UNIX encryption and enable SHA256 as the default encryption hash.

# pfedit /etc/security/policy.conf

Check that the lines:
CRYPT_DEFAULT=5
CRYPT_ALOGRITHMS_ALLOW=5,6

exist and are not commented out.