| VID |
14069 |
| Severity |
30 |
| Port |
22 |
| Protocol |
TCP |
| Class |
LSC |
| Detailed Description |
Password minimum length is not set or less than 8 charaters in the host system. the system can handle password brute forceing attack or password guessing attack by setting password minimum length longer than specific figures. It is recommanded that minimum length of password 8 characters.
* Platforms Affected:
UNIX, Linux |
| Recommendation |
Set password minimum length to the following
*Linux
Open /etc/login.defs and set more than 8 at PASS_MIN_LEN
PASS_MIN_LEN 8
*Solaris
Open /etc/default/passwd and set more than 8 at PASSLENGTH
PASSLENGTH=8
*HP
Open /etc/default/security and set more than 8 at MIN_PASSWORD_LENGTH
MIN_PASSWORD_LENGTH=8
*AIX
Open /etc/security/user and set more than 8 at minlen
minlen=8 |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
