Disable Use of Cleartext Passwords

An XCCDF Rule

Details
Profiles

Description

Chromium allows users to import and store passwords in cleartext. This should be disabled by setting PasswordManagerAllowShowPasswords to false in the Chromium policy file.

Rationale

Cleartext passwords would allow another individual to see password via shoulder surfing.

ID: xccdf_org.ssgproject.content_rule_chromium_disable_cleartext_passwords
Severity: Unknown
References: DTBC0010
Updated: over 1 year ago

Remediation Templates

if ! grep -q PasswordManagerAllowShowPasswords /etc/chromium/policies/managed/chrome_stig_policy.json; then
   sed -i -e '/{/a \  "'PasswordManagerAllowShowPasswords'": 'false',' /etc/chromium/policies/managed/chrome_stig_policy.json
else
   sed -i -e 's/\"'PasswordManagerAllowShowPasswords'.*/\"'PasswordManagerAllowShowPasswords'\": 'false',/g' /etc/chromium/policies/managed/chrome_stig_policy.json
fi

Disable Use of Cleartext Passwords

Description

Rationale

Remediation Templates

A Shell Script