Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-11975 | GEN000680 | SV-44877r1_rule | IAIA-1 IAIA-2 | Medium |
Description |
---|
To enforce the use of complex passwords, the number of consecutive repeating characters is limited. Passwords with excessive repeated characters may be more vulnerable to password-guessing attacks. |
STIG | Date |
---|---|
SUSE Linux Enterprise Server v11 for System z | 2015-01-26 |
Check Text ( C-42332r5_chk ) |
---|
Check the system password maxrepeat setting. Procedure: Check the password maxrepeat option # grep pam_cracklib.so /etc/pam.d/common-password Confirm the maxrepeat option is set to 3 or less as in the example below: password required pam_cracklib.so maxrepeat=3 There may be other options on the line. If no such line is found, or the maxrepeat option is more than 3 this is a finding. A setting of zero disables this option. NOTE: This option was not available in SLES 11 until service pack 2(SP2). |
Fix Text (F-38310r2_fix) |
---|
Edit /etc/pam.d/common-password and set the maxrepeat option to a value of 3 or less on the pam_cracklib line. |