Disable Use of Cleartext Passwords

An XCCDF Rule

Details
Profiles
Prose

Description

Chromium allows users to import and store passwords in cleartext. This should be disabled by setting PasswordManagerAllowShowPasswords to false in the Chromium policy file.

Rationale

Cleartext passwords would allow another individual to see password via shoulder surfing.

ID: xccdf_org.ssgproject.content_rule_chromium_disable_cleartext_passwords
Severity: Unknown
References: DTBC0010
Updated: about 1 year ago






if ! grep -q PasswordManagerAllowShowPasswords /etc/chromium/policies/managed/chrome_stig_policy.json; then
   sed -i -e '/{/a \  "'PasswordManagerAllowShowPasswords'": 'false',' /etc/chromium/policies/managed/chrome_stig_policy.json
else
   sed -i -e 's/\"'PasswordManagerAllowShowPasswords'.*/\"'PasswordManagerAllowShowPasswords'\": 'false',/g' /etc/chromium/policies/managed/chrome_stig_policy.json
fi

Disable Use of Cleartext Passwords

Description

Rationale

Remediation - Shell Script