[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

243238

 
 

909

 
 

192833

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-90828-5

Platform: cpe:/o:centos:centos:7,cpe:/o:redhat:enterprise_linux:7Date: (C)2017-06-29   (M)2023-07-14



The PASS_MAX_DAYS parameter in /etc/login.defs allows an administrator to force passwords to expire once they reach a defined age. It is recommended that the PASS_MAX_DAYS parameter be set to less than or equal to 60 days. Rationale: The window of opportunity for an attacker to leverage compromised credentials or successfully compromise credentials via an online brute force attack is limited by the age of the password. Therefore, reducing the maximum age of a password also reduces an attackers window of opportunity.


Parameter:

[password maximum days]


Technical Mechanism:

Set the PASS_MAX_DAYS parameter to 90 in /etc/login.defs: PASS_MAX_DAYS 60 Modify active user parameters to match: # chage -maxdays 60 <user>

CCSS Severity:CCSS Metrics:
CCSS Score : 8.1Attack Vector: NETWORK
Exploit Score: 2.2Attack Complexity: HIGH
Impact Score: 5.9Privileges Required: NONE
Severity: HIGHUser Interaction: NONE
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HScope: UNCHANGED
 Confidentiality: HIGH
 Integrity: HIGH
 Availability: HIGH
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:30508
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:31231


OVAL    2
oval:org.secpod.oval:def:31231
oval:org.secpod.oval:def:30508
XCCDF    4
xccdf_org.secpod_benchmark_SecPod_RHEL_7
xccdf_org.secpod_benchmark_SecPod_CentOS_7
xccdf_org.secpod_benchmark_general_CENTOS_7
xccdf_org.secpod_benchmark_general_RHEL_7
...

© SecPod Technologies