CCE-90950-7 | Platform: rhel7,centos7 | Date: (C)2017-06-29 (M)2022-10-10 |
Prevent Log In to Accounts With Empty Password
If an account is configured for password authentication
but does not have an assigned password, it may be possible to log
into the account without authentication. Remove any instances of the 'nullok'
option in '/etc/pam.d/system-auth' to
prevent logins with empty passwords.
Parameter:
Technical Mechanism:
If an account has an empty password, anyone could log in and
run commands with the privileges of that account. Accounts with
empty passwords should never be used in operational
environments.
Fix:
sed -i 's/\<nullok\>//g' /etc/pam.d/system-auth
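An added example, not part of the original entry: a shell audit that lists active 'nullok' entries in a PAM file and removes them after saving a backup, run here against a constructed sample rather than the live '/etc/pam.d/system-auth'. The function names and sample content are assumptions, and an awk whole-token comparison is used in place of the sed word-boundary match.

```shell
#!/bin/sh
# Added example, not from the original page. The PAM content below is constructed.

# Write a constructed system-auth style sample to a temp file and print its path.
make_sample() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
#%PAM-1.0
# nullok in a comment is not an active setting
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
EOF
    echo "$f"
}

# Audit: print "lineno:line" for every active (non-comment) line carrying nullok.
find_nullok() {
    awk '
        /^[ \t]*#/ { next }
        { for (i = 1; i <= NF; i++) if ($i == "nullok") { print NR ":" $0; next } }
    ' "$1"
}

# Remediate: keep a .bak copy, then drop the nullok token from active lines.
# Whole-token comparison stands in for the sed word-boundary match, so a longer
# token that merely contains the string is left alone. Untouched lines stay verbatim.
remove_nullok() {
    cp -p "$1" "$1.bak" || return 1
    awk '
        /^[ \t]*#/ { print; next }
        {
            out = ""; hit = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "nullok") { hit = 1; continue }
                out = (out == "" ? $i : out " " $i)
            }
            print (hit ? out : $0)
        }
    ' "$1.bak" > "$1"
}

# Demo on the constructed sample (never on the live file).
sample=$(make_sample)
find_nullok "$sample"          # lists the two pam_unix.so lines
remove_nullok "$sample"
find_nullok "$sample" | grep -q . || echo "no active nullok entries remain"
rm -f "$sample" "$sample.bak"
```

Running find_nullok before and after the change gives a record of which PAM lines allowed empty passwords and confirms that none remain.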
References:
Resource Id | Reference |
---|---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:31327 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:30604 |