Prompt Password for all open sessionsID: oval:org.secpod.oval:def:80500 | Date: (C)2022-05-31 (M)2023-12-07 |
Class: COMPLIANCE | Family: macos |
The sudo command must be configured to prompt for the administrator user's password at least once in each newly opened Terminal window or remote login session, as this prevents a malicious user from taking advantage of an unlocked computer or an abandoned login session to bypass the normal password prompt requirement. Without the tty_tickets option, all open local and remote login sessions would be authenticated to use sudo without a password for the duration of the configured password timeout window.