The Photon operating system must not allow empty passwords.

An XCCDF Rule

Details
Profiles

Description

Accounts with empty or no passwords allow anyone to log on as that account without specifying a password or other forms of authentication. Allowing accounts with empty passwords puts the system at significant risk since only the username is required for access.

ID: SV-266063r1003661_rule
Version: PHTN-40-000247
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

Navigate to and open:

/etc/pam.d/system-password or /etc/pam.d/system-auth

Remove the "nullok" argument on the "pam_unix.so" module line.

Note: On vCenter appliances, the equivalent file must be edited under "/etc/applmgmt/appliance", if one exists, for the changes to persist after a reboot.

The Photon operating system must not allow empty passwords.

Description

Remediation Templates

A Manual Procedure