An error occurred:

Check: GEN000540

VMware ESX 3 Server: GEN000540 (in version v1 r2)

Title

Users must not be able to change passwords more than once every 24 hours. (Cat II impact)

Discussion

The ability to change passwords frequently facilitates users reusing the same password. This can result in users effectively never changing their passwords. This would be accomplished by users changing their passwords when required and then immediately changing it to the original value.

Check Content

Check the system's configuration to determine if user password changes are permitted more than once every 24 hours. If this is permitted, this is a finding.

Fix Text

Configure the system to not allow users to change their passwords more than once every 24 hours.

Additional Identifiers

Rule ID: SV-1032r2_rule

Vulnerability ID: V-27103

Group Title: GEN000540

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001266

The information system notifies an organization-defined list of incident response personnel (identified by name and/or by role) of detected suspicious events.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SI-4 (7)

Automated Response To Suspicious Events