Title

The macOS system must disable proximity-based password sharing requests. (Cat II impact)

Discussion

Proximity-based password sharing requests must be disabled. The default behavior of macOS is to allow users to request passwords from other known devices (macOS and iOS). This feature must be disabled to prevent passwords from being shared.

Check Content

Verify the macOS system is configured to disable proximity-based password sharing requests with the following command: /usr/bin/osascript -l JavaScript << EOS $.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationaccess')\ .objectForKey('allowPasswordProximityRequests').js EOS If the result is not "false", this is a finding.

Fix Text

Configure the macOS system to disable proximity-based password sharing requests by installing the "com.apple.applicationaccess" configuration profile.

Additional Identifiers

Rule ID: SV-259568r941326_rule

Vulnerability ID: V-259568

Group Title: SRG-OS-000095-GPOS-00049

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.