[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

252271

 
 

909

 
 

196835

 
 

282

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-92298-9

Platform: cpe:/o:amazon:linux:2Date: (C)2018-10-29   (M)2023-07-04



The pam_pwquality module's 'difok' parameter controls requirements for usage of different characters during a password change. Modify the 'difok' setting in '/etc/security/pwquality.conf' to require differing characters when changing passwords. The DoD requirement is '4'.


Parameter:

[4_diff_char]


Technical Mechanism:

Requiring a minimum number of different characters during password changes ensures that newly changed passwords should not resemble previously compromised ones. Note that passwords which are changed on compromised systems will still be compromised, however.

CCSS Severity:CCSS Metrics:
CCSS Score : 8.1Attack Vector: NETWORK
Exploit Score: 2.2Attack Complexity: HIGH
Impact Score: 5.9Privileges Required: NONE
Severity: HIGHUser Interaction: NONE
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HScope: UNCHANGED
 Confidentiality: HIGH
 Integrity: HIGH
 Availability: HIGH
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:48485
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:49013


OVAL    2
oval:org.secpod.oval:def:48485
oval:org.secpod.oval:def:49013
XCCDF    2
xccdf_org.secpod_benchmark_general_Amazon_Linux_AMI
xccdf_org.secpod_benchmark_general_Amazon_Linux_2

© SecPod Technologies