| VID |
14104 |
| Severity |
40 |
| Port |
22 |
| Protocol |
TCP |
| Class |
LSC |
| Detailed Description |
The complexity of password generation is not appropriate for the system.
In case that the passwords of user accounts (both root and regular accounts) is easy to infer, there is a risk of allowing unauthorized access to the system.
By using passwords of more than 8 characters which is a mixture of multiple characters and digits, the incidence rate of attacks can be lowered.
* Affected platforms:
UNIX, Linux |
| Recommendation |
Follow the steps below to increase complexity of passwords.
*Solaris
1. Open "/etc/default/passwd"
2. Edit or insert as follows
Options - PASSLENGTH = Minimum length of Password (more than 8)
MINDIGHT = Minimum number of digits (more than 1)
MINLOWER = Minimum number of lowercase characters (more than 1)
MINSPECIAL = Minimum number of special characters (more than 1)
*Linux
1. Open "/etc/pam.d/system-auth"
2. Edit or insert as follows
Options - minlen = Minimum length of Password (more than 8)
dcredit = -1
ocredit = -1
lcredit = -1
*AIX
1. Open "/etc/security/user"
2. Edit or insert as follows
Options - minlen = Minimum length of Password (more than 8)
minalpha = Minimum number of alphabetic characters (more than 4)
minother = Minimum number of special characters (more than 2)
*HP
Trusted Mode
SAM -> Auditing and Security -> System Security Policies -> Password Format Policies
[Allow Null Password] : Not Checked
[Use Restriction Rules] : Checked
Normal Mode
1. Open "/tcb/files/auth/system/default"
2. Edit or insert as follows
Options - MIN_PASSWORD_LENGTH = Minimum length of Password (more than 8)
PASSWORD_MIN_LOWER_CASE_CHARS = Minimum number of lowercase characters (more than 1)
PASSWORD_MIN_DIGIT_CHARS = Minimum number of digits (more than 1)
PASSWORD_MIN_SPECIAL_CHARS = Minimum number of special characters (more than 1) |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
