Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The operating system must not allow logins for users with blank passwords.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-216128 | SOL-11.1-040480 | SV-216128r603268_rule | High |
| Description |
|---|
| If the password field is blank and the system does not enforce a policy that passwords are required, it could allow login without proper authentication of a user. |
| STIG | Date |
|---|---|
| Solaris 11 x86 Security Technical Implementation Guide | 2024-02-02 |
Details
| Check Text ( C-17366r372766_chk ) |
|---|
| Determine if the system is enforcing a policy that passwords are required. # grep ^PASSREQ /etc/default/login If the command does not return: PASSREQ=YES this is a finding. |
| Fix Text (F-17364r372767_fix) |
|---|
| The root role is required. Modify the /etc/default/login file. # pfedit /etc/default/login Insert the line: PASSREQ=YES |