AIX must prevent the use of dictionary words for passwords.

An XCCDF Rule

Description

<VulnDiscussion>If the operating system allows the user to select passwords based on dictionary words, then this increases the chances of password compromise by increasing the opportunity for successful guesses and brute-force attacks.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-215229r991587_rule
Severity: Medium
References: CCI-000366
Updated: 17 days ago

From the command prompt, run the following command to set "dictionlist" attribute for the default stanza in "/etc/security/user":
# chsec -f /etc/security/user -s default -a dictionlist="/etc/security/ice/dictionary/English"

From the command prompt, run the following command to set "dictionlist" attribute for users who have an empty "dictionlist" attribute:
# chsec -f /etc/security/user -s [user_name] -a dictionlist="/etc/security/ice/dictionary/English"

AIX must prevent the use of dictionary words for passwords.

Description

Remediation - Manual Procedure