Check: PHTN-67-000089
VMware vSphere 6.7 Photon OS STIG:
PHTN-67-000089
(in versions v1 r6 through v1 r1)
Title
The Photon operating system must configure sshd to disallow authentication with an empty password. (Cat II impact)
Discussion
Blank passwords are one of the first things an attacker checks for when probing a system. Even if the user somehow has a blank password on the OS, sshd must not allow that user to log in.
Check Content
At the command line, execute the following command:

# sshd -T|&grep -i PermitEmptyPasswords

Expected result:

PermitEmptyPasswords no

If the output does not match the expected result, this is a finding.
Fix Text
Open /etc/ssh/sshd_config with a text editor. Ensure that the "PermitEmptyPasswords" line is uncommented and set to the following:

PermitEmptyPasswords no

At the command line, execute the following command:

# service sshd reload
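Without -C connection parameters, sshd -T prints only the global value, while sshd_config also accepts PermitEmptyPasswords inside a Match block. The following added example (not part of the STIG) audits the configuration text for both cases; the function name audit_empty_pw and the sample configuration are constructed for illustration, and Include directives are not followed.

```shell
#!/bin/sh
# Added example (not part of the STIG). Reads sshd_config text on stdin.
# Returns 0 when compliant, 1 when a finding is reported.
# Assumption: Include directives are not followed.
audit_empty_pw() {
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next        # blank or commented out
        split(line, f, /[ \t=]+/)                  # "Key value" or "Key=value"
        key = tolower(f[1]); val = tolower(f[2])
        if (key == "match") { block = line; next } # settings below are conditional
        if (key != "permitemptypasswords") next
        if (block == "") {
            if (global == "") global = val         # sshd keeps the first value seen
        } else if (val == "yes") {
            printf "FINDING: line %d sets yes under \"%s\"\n", NR, block
            bad = 1
        }
    }
    END {
        if (global == "") global = "no"            # OpenSSH default when unset
        if (global != "no") { print "FINDING: global PermitEmptyPasswords " global; bad = 1 }
        if (!bad) print "PASS: PermitEmptyPasswords no"
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample: the global value is compliant, the Match block is not.
audit_empty_pw <<'EOF' || echo "exit status: $?"
#PermitEmptyPasswords yes
PermitEmptyPasswords no
Match User kiosk
    PermitEmptyPasswords yes
EOF
```

On a host, feed it the file the fix edits: audit_empty_pw < /etc/ssh/sshd_config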
Additional Identifiers
Rule ID: SV-239160r675288_rule
Vulnerability ID: V-239160
Group Title: SRG-OS-000480-GPOS-00227
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |