Check: SOL-11.1-040070
Solaris 11 x86 STIG:
SOL-11.1-040070
(in versions v2 r10 through v1 r10)
Title
The system must require passwords to contain at least one uppercase alphabetic character. (Cat II impact)
Discussion
Complex passwords can reduce the likelihood of success of automated password-guessing attacks.
Check Content
Check the MINUPPER setting. # grep ^MINUPPER /etc/default/passwd If MINUPPER is not set to 1 or more, this is a finding.
Fix Text
The root role is required. # pfedit /etc/default/passwd Locate the line containing: MINUPPER Change the line to read: MINUPPER=1
Additional Identifiers
Rule ID: SV-216092r603268_rule
Vulnerability ID: V-216092
Group Title: SRG-OS-000069
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
Number | Definition |
---|---|
CCI-000192 |
The information system enforces password complexity by the minimum number of upper case characters used. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
IA-5 (1) |
Password-Based Authentication |