
The AIX SSH daemon must be configured to disable empty passwords.

An XCCDF Rule

Description

When password authentication is allowed, PermitEmptyPasswords specifies whether the server allows login to accounts with empty password strings. If an account has an empty password, anyone could log in and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments.

ID
SV-215302r991591_rule
Severity
Medium

Remediation - Manual Procedure

Edit "/etc/ssh/sshd_config" and add or edit the "PermitEmptyPasswords" line as follows:
PermitEmptyPasswords  no

Save the change and restart the SSH daemon:
# stopsrc -s sshd
# startsrc -s sshd
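
To confirm the setting after the edit, the following added example (not part of the original rule or any official check content) audits a config file for PermitEmptyPasswords. The function name check_permit_empty_passwords is hypothetical; it assumes OpenSSH semantics, where keywords are case-insensitive, the first value obtained for a keyword is used, and the keyword may also appear inside Match blocks. A missing line is reported as "unset" because the procedure above calls for an explicit entry.

```shell
#!/bin/sh
# Added example: audit PermitEmptyPasswords in an sshd_config file.
# Prints compliant | unset | noncompliant | unreadable.
# Returns 0 only when the result is "compliant".
check_permit_empty_passwords() {
    cfg=${1:-/etc/ssh/sshd_config}
    [ -r "$cfg" ] || { echo "unreadable"; return 2; }
    result=$(awk '
        {
            sub(/^[ \t]+/, "")                 # drop leading whitespace
            if ($0 == "" || $0 ~ /^#/) next    # skip blank lines and comments
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)    # accept the Keyword=value form
            split(line, f, /[ \t]+/)
            key = tolower(f[1]); val = tolower(f[2])
            gsub(/"/, "", val)                 # arguments may be quoted
            if (key == "match") { in_match = 1; next }
            if (key != "permitemptypasswords") next
            if (val == "yes") bad = 1          # flag yes anywhere, Match blocks too
            if (!in_match && global == "") global = val   # first global value wins
        }
        END {
            if (bad || (global != "" && global != "no")) print "noncompliant"
            else if (global == "") print "unset"
            else print "compliant"
        }' "$cfg")
    echo "$result"
    [ "$result" = "compliant" ]
}

# Constructed sample: the global line is "no", but a Match block re-enables
# empty passwords for one account, which a grep for the first line would miss.
sample="${TMPDIR:-/tmp}/sshd_config.sample.$$"
printf '%s\n' '# constructed sample' 'permitemptypasswords no' \
    'Match User backup' '    PermitEmptyPasswords yes' > "$sample"
check_permit_empty_passwords "$sample" || true   # prints: noncompliant
rm -f "$sample"
```

Run it with no argument to audit /etc/ssh/sshd_config, or pass a path to check a staged copy before restarting the daemon.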