Title

The Samsung SDS EMM local accounts password must be configured with length of 15 characters. (Cat II impact)

Discussion

The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one factor of several that helps to determine strength and how long it takes to crack a password. The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised. Use of more characters in a password helps to exponentially increase the time and/or resources required to compromise the password. SFR ID: FMT_SMF.1(2)b. / IA-5 (1) (a)

Check Content

Verify Samsung SDS EMM local accounts have been configured with a password with length of 15 characters or more. 1. Log into the SDS EMM console. 2. Go to Setting >> Server >> Configuration >> Minimum Password Length. 3. Verify the Minimum Password Length is set to 15 or more. If the Minimum Password Length is not set to 15 or more, this is a finding.

Fix Text

Configure Samsung SDS EMM local accounts password with length of 15 characters or more. On the MDM console, do the following: 1. Log into the SDS EMM console. 2. Go to Setting >> Server >> Configuration >> Minimum Password Length. 3. Set the Minimum Password Length to 15. 4. Save setting.

Additional Identifiers

Rule ID: SV-245527r744391_rule

Vulnerability ID: V-245527

Group Title: PP-MDM-991000

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.