Riverbed Optimization System (RiOS) must require that when a password is changed, the characters are changed in at least 15 of the positions within the password.

An XCCDF Rule

Description

<VulnDiscussion>If the application allows the user to consecutively reuse extensive portions of passwords, this increases the chances of password compromise by increasing the window of opportunity for attempts at guessing and brute-force attacks. The number of changed characters refers to the number of changes required with respect to the total number of positions in the current password. In other words, characters may be the same within the two passwords; however, the positions of the like characters must be different.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-77461r1_rule
Severity: Medium
References: CCI-000195
Updated: about 1 year ago

Configure RiOS to require that when a password is changed, the characters are changed in at least 15 of the positions within the password.

Navigate to the device Management Console
Navigate to Configure >> Security >> Password Policy

Set the value of "Minimum Character Difference Between Passwords:" to "15"
Click "Apply"
Navigate to the top of the web page and click "Save" to save these settings permanently

Riverbed Optimization System (RiOS) must require that when a password is changed, the characters are changed in at least 15 of the positions within the password.

Description

Remediation - Manual Procedure