CCE-92811-9Platform: cpe:/o:apple:mac_os_x:10.14 | Date: (C)2019-04-05 (M)2023-07-04 |
Prompt Users for a Username and Password
The login window must be configured to prompt all users for both a username and a password. By default, the system displays a list of known users at the login screen. This gives an advantage to an attacker with physical access to the system, as the attacker would only have to guess the password for one of the listed accounts.
Parameter:
[yes/no]
Technical Mechanism:
To check if the login window is configured to prompt for user name and password, run the following command:
system_profiler SPConfigurationProfileDataType | grep SHOWFULLNAME
If there is no result, or SHOWFULLNAME is not set to '1', this is a finding.
CCSS Severity: | CCSS Metrics: |
CCSS Score : 7.4 | Attack Vector: LOCAL |
Exploit Score: 1.4 | Attack Complexity: HIGH |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:54037 |