CCE-85407-5| Platform: cpe:/o:apple:mac_os_11 | Date: (C)2022-12-28 (M)2023-07-04 |
Over time passwords can be captured by third parties through mistakes, phishing attacks, third party breaches or merely brute force attacks. To reduce the risk of exposure and to decrease the incentives of password reuse (passwords that are not forced to be changed periodically generally are not ever changed) users must reset passwords periodically.This control checks whether a new password is different than the previous 15. Old passwords should not be reused.
Required password changes will lead to some locked computers requiring admin assistance.
Fix:
sudo /usr/bin/pwpolicy -u $CURRENT_USER -setpolicy "usingHistory=15"
Parameter:
[password history]
Technical Mechanism:
sudo /usr/bin/pwpolicy -u $CURRENT_USER -setpolicy "usingHistory=15"
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 8.1 | Attack Vector: NETWORK |
| Exploit Score: 2.2 | Attack Complexity: HIGH |
| Impact Score: 5.9 | Privileges Required: NONE |
| Severity: HIGH | User Interaction: NONE |
| Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| | Confidentiality: HIGH |
| | Integrity: HIGH |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:80359 |
