Check: GEN000585
VMware ESX 3 Server:
GEN000585
(in version v1 r2)
Title
The system must enforce the entire password during authentication. (Cat II impact)
Discussion
Some common password hashing schemes only process the first eight characters of a user's password, which reduces the effective strength of the password.
Check Content
Determine if the system enforces the correctness of the entire password during authentication. If it does not, this is a finding. Procedure: Set an account's password to a string longer than 8 characters. Attempt to log into the account using only the first 8 characters of the password. If the login succeeds, this is a finding.
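A supporting check, added here as an example and not part of the STIG text: it scans shadow(5)-format lines and lists accounts whose stored hash has the traditional DES crypt(3) shape, a scheme that uses only the first eight characters of the password. The function names and the sample data are constructed for illustration. It complements the login test in the procedure above and does not replace it.

```python
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars, no "$id$" prefix.
# This scheme uses only the first 8 characters of the password.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular crypt format "$id$...", e.g. $1$ (MD5-crypt), $5$/$6$ (SHA-crypt).
MODULAR = re.compile(r"^\$([0-9a-z]+)\$")

# Constructed sample in shadow(5) format; the hash strings are placeholders.
SAMPLE = """\
root:$1$constructed$notarealhashvalue00000:14000:0:99999:7:::
legacy:abCONSTRUCTED:14000:0:99999:7:::
locked:!xyPLACEHOLDER:14000:0:99999:7:::
daemon:*:14000:0:99999:7:::
svc:$6$constructed$notarealhashvalue:14000:0:99999:7:::
"""


def classify_hash(field):
    """Return 'no-hash', 'des-crypt', 'modular:<id>' or 'unknown'."""
    # A leading "!" marks a locked account; the old hash may still follow it.
    value = field.lstrip("!")
    if value in ("", "*"):
        return "no-hash"  # locked, disabled or empty field
    match = MODULAR.match(value)
    if match:
        return "modular:" + match.group(1)
    if DES_CRYPT.match(value):
        return "des-crypt"
    return "unknown"


def truncating_accounts(shadow_text):
    """List account names whose stored hash is DES crypt (8-char limit)."""
    findings = []
    for line in shadow_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        # Locked accounts are reported too: unlocking restores the old hash.
        if len(parts) >= 2 and classify_hash(parts[1]) == "des-crypt":
            findings.append(parts[0])
    return findings


if __name__ == "__main__":
    for name in truncating_accounts(SAMPLE):
        print("finding candidate:", name)
```

An account reported here should still be confirmed with the login test from the procedure.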
Fix Text
Configure the system to enforce the correctness of the entire password during authentication. Consult vendor documentation for the required settings.
Additional Identifiers
Rule ID: SV-25949r1_rule
Vulnerability ID: V-22302
Group Title: GEN000585
CCIs
Number | Definition |
---|---|
CCI-000205 | The information system enforces minimum password length. |
Controls
Number | Title |
---|---|
IA-5 (1) | Password-Based Authentication |