Check: GEN000585
SUSE Linux Enterprise Server v11 for System z STIG:
GEN000585
(in versions v1 r12 through v1 r9)
Title
The system must enforce compliance of the entire password during authentication. (Cat II impact)
Discussion
Some common password hashing schemes only process the first eight characters of a user's password, which reduces the effective strength of the password.
Check Content
Verify no password hash in /etc/passwd or /etc/shadow begins with a character other than an underscore (_) or dollar sign ($):

# cut -d ':' -f2 /etc/passwd
# cut -d ':' -f2 /etc/shadow

If any password hash is present that does not have an initial underscore (_) or dollar sign ($) character, this is a finding.
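The two cut commands above print every second field, including non-hash markers, so the reviewer still has to read the output by eye. The following script is an added example (not part of the STIG text) that automates the same check: it reports only accounts whose field is an actual hash that does not begin with an underscore or dollar sign. The assumption that empty fields, "x", "*", "!" and "!!" mark locked or shadowed entries rather than hashes is mine, as is the constructed sample data.

```shell
#!/bin/sh
# Report accounts whose password-hash field does not start with '_' or '$'.
# Reads passwd/shadow-format files given as arguments, or stdin if none.
# Output: one "user:first-three-chars-of-field" line per non-compliant account.
find_noncompliant_hashes() {
    awk -F: '
        {
            h = $2
            # Assumption for this example: these values are not hashes.
            # "" / "*" / "!" / "!!" are locked or passwordless markers,
            # "x" in /etc/passwd means the hash lives in /etc/shadow.
            if (h == "" || h == "x" || h == "*" || h == "!" || h == "!!")
                next
            c = substr(h, 1, 1)
            if (c != "_" && c != "$")
                print $1 ":" substr(h, 1, 3)
        }' "$@"
}

# Constructed sample in /etc/shadow format; the hashes are fake placeholders.
# root    : "$6$" prefix, passes this check
# bin     : "*", locked, skipped
# legacy  : 13-character traditional-crypt style field, the finding
# svc     : "!!", locked, skipped
# webadm  : "$1$" prefix, passes THIS check; whether the algorithm is
#           acceptable is the separate GEN000590 requirement named in Fix Text
# olduser : "_" prefix, passes this check
SAMPLE_SHADOW='root:$6$saltsalt$FAKEHASHFAKEHASH:15000:0:99999:7:::
bin:*:15000:0:99999:7:::
legacy:abCDefGHijKLm:15000:0:99999:7:::
svc:!!:15000:0:99999:7:::
webadm:$1$salt$FAKEMD5HASH:15000:0:99999:7:::
olduser:_J9..saltFAKEBSDI:15000:0:99999:7:::'

# Run the check against the constructed sample via stdin.
check_sample() {
    printf '%s\n' "$SAMPLE_SHADOW" | find_noncompliant_hashes
}

# Usage on a real system (reading /etc/shadow requires root):
#   find_noncompliant_hashes /etc/passwd /etc/shadow
check_sample
```

An empty result means no finding for this check; any line printed names an account whose password must be changed per the Fix Text.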
Fix Text
Change the passwords for all accounts using non-compliant password hashes. (This requires GEN000590 is already met.)
Additional Identifiers
Rule ID: SV-44862r1_rule
Vulnerability ID: V-22302
Group Title: GEN000585
Expert Comments
CCIs
Number | Definition
---|---
CCI-000205 | The information system enforces minimum password length.
Controls
Number | Title
---|---
IA-5 (1) | Password-Based Authentication