Title

CA-ACF2 must prevent the use of dictionary words for passwords. (Cat II impact)

Discussion

If the operating system allows the user to select passwords based on dictionary words, then this increases the chances of password compromise by increasing the opportunity for successful guesses and brute-force attacks.

Check Content

From the ISPF Command Shell enter: ACF to enter ACF2 Command shell enter SHOW STATE If "PSWDRSV = NO", this is a finding. If "PSWDRSVW = NO", this is a finding. SHOW PSwdopts Reserved Words and Prefixes APPL APR ASDF AUG BASIC CADAM DEC DEMO FEB FOCUS GAME IBM JAN JUL JUN LOG MAR MAY NET NEW NOV OCT PASS ROS SEP SIGN SYS TEST TSO VALID VTAM XXX 1234

Fix Text

Configure the GSO record to include PSWDRSV and PSWDRSVW.

Additional Identifiers

Rule ID: SV-223477r533198_rule

Vulnerability ID: V-223477

Group Title: SRG-OS-000480-GPOS-00225

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.