An error occurred:

Check: UBTU-24-400400

Canonical Ubuntu 24.04 LTS STIG: UBTU-24-400400 (in version v1 r1)

Title

Ubuntu 24.04 LTS must encrypt all stored passwords with a FIPS 140-3 approved cryptographic hashing algorithm. (Cat II impact)

Discussion

Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised.

Check Content

Verify the shadow password suite configuration is set to encrypt passwords with a FIPS 140-3 approved cryptographic hashing algorithm with the following command: $ grep -i ENCRYPT_METHOD /etc/login.defs ENCRYPT_METHOD SHA512 If "ENCRYPT_METHOD" does not equal SHA512 or greater, this is a finding.

Fix Text

Configure Ubuntu 24.04 LTS to encrypt all stored passwords. Edit/modify the following line in the "/etc/login.defs" file and set "ENCRYPT_METHOD" to SHA512: ENCRYPT_METHOD SHA512

Additional Identifiers

Rule ID: SV-270739r1067124_rule

Vulnerability ID: V-270739

Group Title: SRG-OS-000120-GPOS-00061

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000803

Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
IA-7

Cryptographic Module Authentication