Check: APPL-11-003012
Apple macOS 11 (Big Sur) STIG:
APPL-11-003012
(in versions v1 r8 through v1 r1)
Title
The macOS system must be configured to prevent displaying password hints. (Cat II impact)
Discussion
Password hints leak information about passwords in use and can lead to loss of confidentiality.
Check Content
To check that password hints are disabled, run the following command:

/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep RetriesUntilHint

If the return is null or is not "RetriesUntilHint = 0", this is a finding.
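Added example (not part of the STIG text): a shell function that applies the check's pass/fail rule to the command's output, so the result can be scripted across hosts. The function name and the sample input are constructed for illustration. Stripping a trailing semicolon and treating conflicting values from multiple profiles as a finding are assumptions made here.

```shell
#!/bin/sh
# Added example: evaluate APPL-11-003012 from profile output read on stdin.
# Returns 0 (not a finding) only when every RetriesUntilHint line is exactly 0.

check_retries_until_hint() {
    # Keep only the lines the STIG check greps for.
    matches=$(grep 'RetriesUntilHint' || true)

    # Null return: no installed profile manages the setting, so it is a finding.
    if [ -z "$matches" ]; then
        echo "FINDING: RetriesUntilHint is not set by any profile"
        return 1
    fi

    # Reduce each line to its bare value (drop key, spaces, trailing ';').
    # The trailing ';' handling is an assumption about the output format.
    values=$(printf '%s\n' "$matches" |
        sed -e 's/^.*RetriesUntilHint[[:space:]]*=[[:space:]]*//' \
            -e 's/[[:space:];]*$//')

    # Any value other than 0 is a finding, even if another profile sets 0.
    for v in $values; do
        if [ "$v" != "0" ]; then
            echo "FINDING: RetriesUntilHint = $v"
            return 1
        fi
    done

    echo "OK: RetriesUntilHint = 0"
    return 0
}

# Constructed sample of profile output (not captured from a real system).
SAMPLE='    com.apple.loginwindow:
        RetriesUntilHint = 3;'
printf '%s\n' "$SAMPLE" | check_retries_until_hint || true

# On a managed Mac, feed it the command from the check:
# /usr/sbin/system_profiler SPConfigurationProfileDataType | check_retries_until_hint
```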
Fix Text
This setting is enforced using the "Login Window" Policy.
Additional Identifiers
Rule ID: SV-230836r599842_rule
Vulnerability ID: V-230836
Group Title: SRG-OS-000480-GPOS-00227
CCIs
CCIs tied to check.
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
CM-6 | Configuration Settings |