Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22303 | GEN000590 | SV-25950r1_rule | DCNR-1 IAIA-1 IAIA-2 | Medium |
Description |
---|
Systems must employ cryptographic hashes for passwords using the SHA-2 family of algorithms or FIPS 140-2 approved successors. The use of unapproved algorithms may result in weak password hashes more vulnerable to compromise. |
STIG | Date |
---|---|
VMware ESX 3 Server | 2016-05-13 |
Check Text ( C-29094r1_chk ) |
---|
Determine if the system creates password hashes using a FIPS 140-2 approved cryptographic hashing algorithm. Consult OS documentation to determine the necessary configuration settings. If the system is not configured to generate password hashes using a FIPS 140-2 approved algorithm, this is a finding. |
Fix Text (F-26093r1_fix) |
---|
Configure the system to use a FIPS 140-2 approved cryptographic hash algorithm for creating password hashes. |