An error occurred:

Check: GEN001470

HP-UX 11.31 STIG: GEN001470 (in versions v1 r19 through v1 r13)

Title

The /etc/passwd file must not contain password hashes. (Cat II impact)

Discussion

If password hashes are readable by non-administrators, the passwords are subject to attack through lookup tables or cryptographic weaknesses in the hashes.

Check Content

Verify no password hashes are present in /etc/passwd. # cat /etc/passwd | cut -f 2,2 -d “:” If any password hashes are returned, this is a finding.

Fix Text

Migrate /etc/passwd password hashes. For Trusted Mode: Use the System Administration Manager (SAM) or the System Management Homepage (SMH) to migrate from a non-SMSE Standard Mode to Trusted Mode. For SMSE Mode: Use the following command to create the shadow file. The command will then copy all encrypted passwords into the shadow file and replace the passwd file password entries with an “x”. # pwconv

Additional Identifiers

Rule ID: SV-38323r2_rule

Vulnerability ID: V-22347

Group Title: GEN001470

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000201

The organization protects authenticators commensurate with the security category of the information to which use of the authenticator permits access.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
IA-5 (6)

Protection Of Authenticators