Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Systems must employ cryptographic hashes for passwords using the SHA-2 family of algorithms or FIPS 140-2 approved successors.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-216098 | SOL-11.1-040130 | SV-216098r603268_rule | Medium |
| Description |
|---|
| Cryptographic hashes provide quick password authentication while not actually storing the password. |
| STIG | Date |
|---|---|
| Solaris 11 x86 Security Technical Implementation Guide | 2024-02-02 |
Details
| Check Text ( C-17336r372676_chk ) |
|---|
| Determine which cryptographic algorithms are configured. # grep ^CRYPT /etc/security/policy.conf If the command output does not include the lines: CRYPT_DEFAULT=6 CRYPT_ALGORITHMS_ALLOW=5,6 this is a finding. |
| Fix Text (F-17334r372677_fix) |
|---|
| The root role is required. Configure the system to disallow the use of UNIX encryption and enable SHA256 as the default encryption hash. # pfedit /etc/security/policy.conf Check that the lines: CRYPT_DEFAULT=6 CRYPT_ALGORITHMS_ALLOW=5,6 exist and are not commented out. |