Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system must enforce the entire password during authentication.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22302 | GEN000585 | SV-25949r1_rule | IAIA-1 IAIA-2 | Medium |
| Description |
|---|
| Some common password hashing schemes only process the first eight characters of a user's password, which reduces the effective strength of the password. |
| STIG | Date |
|---|---|
| UNIX SRG | 2013-03-26 |
Details
| Check Text ( C-29093r1_chk ) |
|---|
| Determine if the system enforces the correctness of the entire password during authentication. If it does not, this is a finding. Procedure: Set an account's password to a string longer than 8 characters. Attempt to log into the account using only the first 8 characters of the password. If the login succeeds, this is a finding. |
| Fix Text (F-26092r1_fix) |
|---|
| Configure the system to enforce the correctness of the entire password during authentication. Consult vendor documentation for the required settings. |