UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must prohibit the reuse of passwords within five iterations.


Overview

Finding ID Version Rule ID IA Controls Severity
V-63233 ESXI-06-000032 SV-77723r1_rule Medium
Description
If a user, or root, used the same password continuously or was allowed to change it back shortly after being forced to change it to something else, it would provide a potential intruder with the opportunity to keep guessing at one user's password until it was guessed correctly.
STIG Date
VMware vSphere ESXi 6.0 Security Technical Implementation Guide 2019-01-04

Details

Check Text ( C-63967r1_chk )
To verify the remember setting, run the following command:

# grep -i "^password" /etc/pam.d/passwd | grep sufficient

If the remember setting is not set or is not "remember=5", this is a finding.
Fix Text (F-69151r1_fix)
To set the remember option, add or correct the following line in "/etc/pam.d/passwd":

password sufficient /lib/security/$ISA/pam_unix.so use_authtok nullok shadow sha512 remember=5