[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-91357-4

Platform: cpe:/o:apple:mac_os_x:10.11Date: (C)2018-02-22   (M)2023-07-04



Lock User Accounts after 'n' Failed Login Attempts By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, is reduced. Limits are imposed by locking the account. Setting a lockout expiration of 15 minutes is an effective deterrent against brute forcing that also makes allowances for legitimate mistakes by users.


Parameter:

[Number_of_Attempts, Minutes]


Technical Mechanism:

To check if the password policy is configured to disable an account for 15 minutes after 3 unsuccessful login attempts, run the following command: sudo pwpolicy getpolicy | tr ' ' ' ' | grep 'maxFailedLoginAttempts|minutesUntilFailedLoginReset' If the result is not 'maxFailedLoginAttempts=3' and 'minutesUntilFailedLoginReset=15', and password policy is not controlled by a directory server, this is a finding.

CCSS Severity:CCSS Metrics:
CCSS Score : 7.4Attack Vector: LOCAL
Exploit Score: 1.4Attack Complexity: HIGH
Impact Score: 5.9Privileges Required: NONE
Severity: HIGHUser Interaction: NONE
Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HScope: UNCHANGED
 Confidentiality: HIGH
 Integrity: HIGH
 Availability: HIGH
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:44050


OVAL    1
oval:org.secpod.oval:def:44050
XCCDF    2
xccdf_org.secpod_benchmark_SecPod_MAC_OS_X_10_11
xccdf_org.secpod_benchmark_general_Mac_OS_X_10_11

© SecPod Technologies