| VID |
14138 |
| Severity |
30 |
| Port |
22 |
| Protocol |
TCP |
| Class |
LSC |
| Detailed Description |
Recent password Remember Setting for this system are not secure. Recent password Remember Setting prevents the reuse of passwords that have been used recently
If this setting is too small, the password can be exposed by using the previous password repeatedly.
* Platforms Affected:
UNIX, Linux |
| Recommendation |
Set Recent password Remember Setting to more than 2 as the following
<Linux>
In the password sufficient /lib/security/pam.unix.so line of the /etc/pam.d/system-auth or /etc/pam.d/common-password file, set remember to a value greater than or equal to 2.
<Solaris>
In /etc/default/passwd file, set HISTORY to a value greater than or equal to 2.
<AIX>
In /etc/security/user file, set histsize to a value greater than or equal to 2.
<HP-UX>
In /etc/default/security file, set PASSWORD_HISTORY_DEPTH to a value greater than or equal to 2. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
