CCE-50284-9| Platform: cpe:/o:apple:mac_os_14 | Date: (C)2023-11-28 (M)2023-11-28 |
By default, Mac OS X obligingly displays the password hint for an account after three unsuccessful attempts at entering a password. Where security is an issue, this is like serving a hacker a piece of apple pie. Therefore, head to System Preferences, display the Accounts settings, click the Login Options button, and make sure that the Show Password Hints check box is empty.
Fix:
defaults write /Library/Preferences/com.apple.loginwindow RetriesUntilHint -int X
Parameter:
[no/yes]
Technical Mechanism:
defaults write /Library/Preferences/com.apple.loginwindow RetriesUntilHint -int X
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 6.8 | Attack Vector: PHYSICAL |
| Exploit Score: 0.9 | Attack Complexity: LOW |
| Impact Score: 5.9 | Privileges Required: NONE |
| Severity: MEDIUM | User Interaction: NONE |
| Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| | Confidentiality: HIGH |
| | Integrity: HIGH |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:94849 |
