[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

243238

 
 

909

 
 

192833

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-90886-3

Platform: rhel7Date: (C)2017-06-29   (M)2022-10-10



Disable the GNOME3 Login User List In the default graphical environment, users logging directly into the system are greeted with a login screen that displays all known users. This functionality should be disabled. The 'disable-user-list' setting must be set under an appropriate configuration file(s) in the '/etc/dconf/db/gdm.d' directory and locked in '/etc/dconf/db/gdm.d/locks' directory to prevent user modification. After the settings have been set, run 'dconf update'.


Parameter:


Technical Mechanism:

Leaving the user list enabled is a security risk since it allows anyone with physical access to the system to quickly enumerate known user accounts without logging in. Fix: No Remediation Info

CCSS Severity:CCSS Metrics:
CCSS Score : Attack Vector:
Exploit Score: Attack Complexity:
Impact Score: Privileges Required:
Severity: User Interaction:
Vector: Scope:
 Confidentiality:
 Integrity:
 Availability:
  

References:
Resource IdReference


XCCDF    1

© SecPod Technologies