| VID |
14217 |
| Severity |
40 |
| Port |
22 |
| Protocol |
TCP |
| Class |
LSC |
| Detailed Description |
The system allows accounts with no password. If there is an account with no password, the attacker can access the system with ID only.
* Platforms Affected:
UNIX, Linux |
| Recommendation |
Control accounts with no password as follows:
- SunOS:
Open /etc/default/login and set PASSREQ=YES
- HP-UX:
Open /etc/default/security and set ALLOW_NULL_PASSWORD=0 |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
