CCE-91271-7Platform: cpe:/o:ubuntu:ubuntu_linux:14.04 | Date: (C)2017-03-14 (M)2023-07-04 |
Verify No UID 0 Accounts Exist Other Than root (Scored)
Any account with UID 0 has superuser privileges on the system.
Parameter:
[]
Technical Mechanism:
This access must be limited to only the default root account and only from the system console. Administrative access must be through an unprivileged account using an approved mechanism as noted in Item 9.4 Restrict root Login to System Console.
Fix:
Delete any other entries that are displayed.
CCSS Severity: | CCSS Metrics: |
CCSS Score : 7.2 | Attack Vector: NETWORK |
Exploit Score: 1.2 | Attack Complexity: LOW |
Impact Score: 5.9 | Privileges Required: HIGH |
Severity: HIGH | User Interaction: NONE |
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:33962 |