CCE-90965-5
Platform: rhel7, centos7 | Date: (C)2017-06-29 (M)2022-10-10
Set Password Strength Minimum Different Categories
The pam_cracklib module's 'minclass' parameter sets how many different character
classes, or types, of character must be present in a password
before it is considered valid. For example, setting this value to three (3) requires that
any password must have characters from at least three different categories in order to be
approved. The default value is zero (0), meaning there are no required classes. There are
four categories available:
* Upper-case characters
* Lower-case characters
* Digits
* Special characters (for example, punctuation)
Modify the 'minclass' entry in '/etc/security/pwquality.conf' to require
differing categories of characters when changing passwords. The minimum requirement is '3'.
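One way to audit this setting, as an added example that is not part of the CCE entry or of any vendor tooling. The function names are hypothetical, the sample files are constructed, and the "last uncommented value wins" rule and the "anything that is not a letter or digit is special" rule are assumptions of this sketch.

```sh
# Added example (not from the CCE entry): audit 'minclass' in a
# pwquality.conf-style file. Helper names are hypothetical.

# Print the effective minclass: the last uncommented "minclass = N" line
# (assumed precedence), or 0 (the default stated in the entry) when absent.
effective_minclass() {
    value=$(sed -n 's/^[[:space:]]*minclass[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*\(#.*\)*$/\1/p' \
        "$1" 2>/dev/null | tail -n 1)
    echo "${value:-0}"
}

# Succeed when the file meets the required minimum (3 unless overridden).
check_minclass() {
    required=${2:-3}
    actual=$(effective_minclass "$1")
    if [ "$actual" -ge "$required" ]; then
        echo "PASS: minclass=$actual (need >= $required)"
        return 0
    fi
    echo "FAIL: minclass=$actual (need >= $required)"
    return 1
}

# Count which of the four categories a candidate string uses.
# Approximation: anything that is not a letter or digit counts as "special".
count_classes() {
    n=0
    case $1 in *[[:upper:]]*) n=$((n + 1)) ;; esac
    case $1 in *[[:lower:]]*) n=$((n + 1)) ;; esac
    case $1 in *[[:digit:]]*) n=$((n + 1)) ;; esac
    case $1 in *[![:alnum:]]*) n=$((n + 1)) ;; esac
    echo "$n"
}

# Demo on constructed sample files (not read from a real system).
demo() {
    tmp=$(mktemp)
    printf '# minclass = 4\nminlen = 12\n' > "$tmp"   # commented out: default 0
    check_minclass "$tmp" || true
    printf 'minclass = 2\nminlen = 12\nminclass = 3\n' > "$tmp"
    check_minclass "$tmp"
    echo "classes in 'Summer2024': $(count_classes 'Summer2024')"
    rm -f "$tmp"
}
demo
```

On a real host, call check_minclass with '/etc/security/pwquality.conf' as its argument instead of running the demo.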
Parameter:
Technical Mechanism:
Requiring a minimum number of character categories makes password guessing attacks
more difficult by ensuring a larger search space.
Fix:
No Remediation Info
References:
Resource Id | Reference
---|---
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:30619
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:31342