Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-239160 | PHTN-67-000089 | SV-239160r675288_rule | Medium |
Description |
---|
Blank passwords are one of the first things an attacker checks for when probing a system. Even is the user somehow has a blank password on the OS, sshd must not allow that user to log in. |
STIG | Date |
---|---|
VMware vSphere 6.7 Photon OS Security Technical Implementation Guide | 2022-01-03 |
Check Text ( C-42371r675286_chk ) |
---|
At the command line, execute the following command: # sshd -T|&grep -i PermitEmptyPasswords Expected result: PermitEmptyPasswords no If the output does not match the expected result, this is a finding. |
Fix Text (F-42330r675287_fix) |
---|
Open /etc/ssh/sshd_config with a text editor. Ensure that the "PermitEmptyPasswords" line is uncommented and set to the following: PermitEmptyPasswords no At the command line, execute the following command: # service sshd reload |