RHEL 8 must prevent the use of dictionary words for passwords.

An XCCDF Rule

Details
Profiles

Description

If RHEL 8 allows the user to select passwords based on dictionary words, this increases the chances of password compromise by increasing the opportunity for successful guesses, and brute-force attacks.

ID: SV-230377r1017188_rule
Version: RHEL-08-020300
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

Configure RHEL 8 to prevent the use of dictionary words for passwords.

Add or update the following line in the "/etc/security/pwquality.conf" file or a configuration file in the /etc/pwquality.conf.d/ directory to contain the "dictcheck" parameter:

dictcheck=1

Remove any configurations that conflict with the above value.

RHEL 8 must prevent the use of dictionary words for passwords.

Description

Remediation Templates

A Manual Procedure