The Photon operating system must prevent the use of dictionary words for passwords.

An XCCDF Rule

Details
Profiles

Description

If the operating system allows the user to select passwords based on dictionary words, then this increases the chances of password compromise by increasing the opportunity for successful guesses and brute-force attacks.

ID: SV-258853r933620_rule
Version: PHTN-40-000184
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

Navigate to and open:

/etc/pam.d/system-password

Configure the pam_pwquality.so line to have the "dictcheck" option set to "1" as follows:
password  requisite   pam_pwquality.so  dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minlen=15 difok=8 enforce_for_root dictcheck=1

Note: On vCenter appliances, the equivalent file must be edited under "/etc/applmgmt/appliance", if one exists, for the changes to persist after a reboot.

The Photon operating system must prevent the use of dictionary words for passwords.

Description

Remediation Templates

A Manual Procedure