The system must prevent the use of dictionary words for passwords.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-216103 | SOL-11.1-040190 | SV-216103r959010_rule | Medium |
| Description |
| The use of common words in passwords simplifies password-cracking attacks. |
| STIG | Date |
| Solaris 11 X86 Security Technical Implementation Guide | 2024-11-25 |
Details
| Check Text (C-17341r372691_chk) |
| Check /etc/default/passwd for dictionary check configuration. # grep ^DICTION /etc/default/passwd If the DICTIONLIST or DICTIONDBDIR settings are not present and are not set to: DICTIONLIST=/usr/share/lib/dict/words DICTIONDBDIR=/var/passwd this is a finding. Determine if the target files exist. # ls -l /usr/share/lib/dict/words /var/passwd If the files defined by DICTIONLIST or DICTIONBDIR are not present or are empty, this is a finding. |
| Fix Text (F-17339r372692_fix) |
| The root role is required. # pfedit /etc/default/passwd Insert the lines: DICTIONLIST=/usr/share/lib/dict/words DICTIONDBDIR=/var/passwd Generate the password dictionary by running the mkpwdict command. # mkpwdict -s /usr/share/lib/dict/words |