[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-85274-9

Platform: cpe:/o:apple:mac_os_11Date: (C)2022-12-28   (M)2023-07-04



The system _MUST_ be configured to enforce multifactor authentication. All users _MUST_ go through multifactor authentication to prevent unauthenticated access and potential compromise to the system. NOTE: /etc/pam.d/login will be automatically modified to its original state following any update or major upgrade to the operating system. Setting the default value to "yes" will mess up services like SSH, if smart card authentication is not set up in the machine Fix: Add the following lines in /etc/pam.d/login file: auth sufficient pam_smartcard.so auth required pam_deny.so


Parameter:

[yes/no]


Technical Mechanism:

Add the following lines in /etc/pam.d/login file: auth sufficient pam_smartcard.so auth required pam_deny.so

CCSS Severity:CCSS Metrics:
CCSS Score : 8.1Attack Vector: NETWORK
Exploit Score: 2.2Attack Complexity: HIGH
Impact Score: 5.9Privileges Required: NONE
Severity: HIGHUser Interaction: NONE
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HScope: UNCHANGED
 Confidentiality: HIGH
 Integrity: HIGH
 Availability: HIGH
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:80341


OVAL    1
oval:org.secpod.oval:def:80341
XCCDF    1
xccdf_org.secpod_benchmark_general_Mac_OS_11

© SecPod Technologies