VID 14070
Severity 30
Port 22
Protocol TCP
Class LSC
Detailed Description The password maximum period is not set, or is longer than 90 days, on the host system. If a password is not changed for a long time, it can be exposed through a password brute-force attack or a password guessing attack. It is recommended that passwords be changed within 90 days or 12 weeks.

* Platforms Affected:
UNIX, Linux
Recommendation Set the password maximum period as follows:
*Linux
Open /etc/login.defs and set PASS_MAX_DAYS to less than 90
PASS_MAX_DAYS 90

*Solaris
Open /etc/default/passwd and set MAXWEEKS to less than 12
MAXWEEKS=12

*HP
Open /etc/default/security and set PASSWORD_MAXDAYS to less than 90
PASSWORD_MAXDAYS=90

*AIX
Open /etc/security/user and set maxage to less than 12
maxage=12
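
An added example, not part of the original check: a shell audit of the Linux setting above, flagging a login.defs-style file where PASS_MAX_DAYS is not set or is longer than 90 days. It goes one step beyond the text by also listing accounts in a shadow-format file whose own maximum age is empty or above 90, because PASS_MAX_DAYS in /etc/login.defs is applied when an account is created and does not change existing accounts. The function names, sample files and accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original check. Limit from the page: 90 days.
MAX_DAYS=90

# check_login_defs FILE: PASS (status 0) only if every uncommented PASS_MAX_DAYS
# entry is a non-negative number no greater than MAX_DAYS.
check_login_defs() {
    awk -v max="$MAX_DAYS" '
        $1 == "PASS_MAX_DAYS" {
            seen = 1; val = $2
            if ($2 !~ /^[0-9]+$/ || $2 + 0 > max) { bad = 1; badval = $2 }
        }
        END {
            if (!seen) { print "FAIL: PASS_MAX_DAYS is not set"; exit 1 }
            if (bad)   { print "FAIL: PASS_MAX_DAYS is " badval; exit 1 }
            print "PASS: PASS_MAX_DAYS is " val
        }' "$1"
}

# list_noncompliant_accounts FILE: for a shadow-format file, print accounts that
# have a password hash but whose maximum age (field 5) is empty or above the limit.
list_noncompliant_accounts() {
    awk -F: -v max="$MAX_DAYS" '
        $2 == "" || $2 ~ /^[!*]/ { next }   # no password or locked: skip
        $5 == "" || $5 + 0 > max { print $1 }' "$1"
}

# Constructed sample files (hypothetical accounts, placeholder hashes).
demo_dir=$(mktemp -d)
printf '%s\n' '# PASS_MAX_DAYS 30' 'PASS_MAX_DAYS   99999' > "$demo_dir/login.defs.bad"
printf '%s\n' 'PASS_MIN_DAYS 1' 'PASS_MAX_DAYS 90' > "$demo_dir/login.defs.good"
printf '%s\n' 'PASS_MIN_DAYS 1' > "$demo_dir/login.defs.unset"
cat > "$demo_dir/shadow" <<'EOF'
root:$6$placeholder:19000:0:99999:7:::
alice:$6$placeholder:19000:0:90:7:::
bob:$6$placeholder:19000:0::7:::
daemon:*:19000:0:99999:7:::
EOF

for f in bad good unset; do
    check_login_defs "$demo_dir/login.defs.$f" || true
done
list_noncompliant_accounts "$demo_dir/shadow"
```

On a real host, point the functions at /etc/login.defs and /etc/shadow (the latter needs root); accounts it lists can be brought in line with `chage -M 90 <user>`.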