An error occurred:

Check: GEN000590

VMware ESX 3 Server: GEN000590 (in version v1 r2)

Title

The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes. (Cat II impact)

Discussion

Systems must employ cryptographic hashes for passwords using the SHA-2 family of algorithms or FIPS 140-2 approved successors. The use of unapproved algorithms may result in weak password hashes more vulnerable to compromise.

Check Content

Determine if the system creates password hashes using a FIPS 140-2 approved cryptographic hashing algorithm. Consult OS documentation to determine the necessary configuration settings. If the system is not configured to generate password hashes using a FIPS 140-2 approved algorithm, this is a finding.

Fix Text

Configure the system to use a FIPS 140-2 approved cryptographic hash algorithm for creating password hashes.

Additional Identifiers

Rule ID: SV-25950r1_rule

Vulnerability ID: V-22303

Group Title: GEN000590

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000803

The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
IA-7

Cryptographic Module Authentication