Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-88763 | VROM-SL-001485 | SV-99413r1_rule | Medium |
Description |
---|
If SLES for vRealize allows the user to select passwords based on dictionary words, then this increases the chances of password compromise by increasing the opportunity for successful guesses and brute-force attacks. |
STIG | Date |
---|---|
VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide | 2018-10-11 |
Check Text ( C-88455r1_chk ) |
---|
Verify the "passwd" command uses the "common-password" settings. Procedure: # grep common-password /etc/pam.d/passwd If line "password include common-password" is not found then the password checks in common-password will not be applied to new passwords, and this is a finding. |
Fix Text (F-95505r1_fix) |
---|
Configure SLES for vRealize to prevent the use of dictionary words for passwords. Procedure: Edit the file "/etc/pam.d/passwd". Configure "passwd" by adding a line such as: password include common-password Save the changes made to the file. |