The delay between login prompts following a failed login attempt must be at least 4 seconds.

An XCCDF Rule

Details
Profiles
Prose

Description

<VulnDiscussion>As an immediate return of an error message, coupled with the capability to try again, may facilitate automatic and rapid-fire brute-force password attacks by a malicious user.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-216335r603267_rule
Severity: Medium
References: CCI-000366
Updated: 9 months ago

The root role is required.

# pfedit the /etc/default/login 

Locate the line containing:
SLEEPTIME

Change the line to read:

SLEEPTIME=4

The delay between login prompts following a failed login attempt must be at least 4 seconds.

Description

Remediation - Manual Procedure