CCE-95218-4
Platform: cpe:/o:apple:mac_os_11, cpe:/o:apple:mac_os_x:10.15 | Date: (C)2020-12-08 (M)2023-07-04 |
Disable guest account login
The Guest account, a special managed account, is considered a security vulnerability in most situations because it has no password associated with it. Once an attacker has gained guest-level access, the attacker can try to elevate privileges to further exploit a system. We recommend that the Guest account be disabled on all macOS systems unless there is a clearly demonstrated need to use a Guest account. The Guest account is not allowed to log in to a computer by default. However, guest users can access shared folders remotely by default. This setting is called "Allow guest users to connect to shared folders" and should be disabled. Both of these settings are available under System Preferences / Users and Groups / Guest User and are disabled by default. Note that when a guest logs out of a macOS system, the guest's environment is destroyed and reinitialized.
Parameter:
Technical Mechanism:
Fix: defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -bool FALSE
CCSS Severity | | CCSS Metrics | |
---|---|---|---|
CCSS Score | 7.3 | Attack Vector | NETWORK |
Exploit Score | 3.9 | Attack Complexity | LOW |
Impact Score | 3.4 | Privileges Required | NONE |
Severity | HIGH | User Interaction | NONE |
Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | Scope | UNCHANGED |
 | | Confidentiality | LOW |
 | | Integrity | LOW |
 | | Availability | LOW |
References:
Resource Id | Reference |
---|---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:71651 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:67459 |