Check: GEN000460
VMware ESX 3 Server:
GEN000460
(in version v1 r2)
Title
The system must disable accounts after three consecutive unsuccessful login attempts. (Cat II impact)
Discussion
Disabling accounts after a limited number of unsuccessful login attempts improves protection against password guessing attacks.
Check Content
Attempt to log on with a valid user id and incorrect password three times. If the system does not lock the account, requiring an SA to unlock it, this is a finding.
Fix Text
Configure the system to lock accounts after three unsuccessful login attempts.
Additional Identifiers
Rule ID: SV-766r2_rule
Vulnerability ID: V-766
Group Title: GEN000460
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-000044 |
Enforce the organization-defined limit of consecutive invalid logon attempts by a user during the organization-defined time period. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| AC-7 |
Unsuccessful Logon Attempts |