Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system must not have accounts configured with blank or null passwords.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-47999 | SOL-11.1-040120 | SV-60871r1_rule | Medium |
| Description |
|---|
| Complex passwords can reduce the likelihood of success of automated password-guessing attacks. |
| STIG | Date |
|---|---|
| Solaris 11 X86 Security Technical Implementation Guide | 2016-06-29 |
Details
| Check Text ( C-50435r1_chk ) |
|---|
| The root role is required. Determine if accounts with blank or null passwords exist. # logins -po If any account is listed, this is a finding. |
| Fix Text (F-51611r1_fix) |
|---|
| The root role is required. Remove, lock, or configure a password for any account with a blank password. # passwd [username] or Use the passwd -l command to lock accounts that are not permitted to execute commands. or Use the passwd -N command to set accounts to be non-login. |