[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-95223-4

Platform: cpe:/o:apple:mac_os_11, cpe:/o:apple:mac_os_x:10.15Date: (C)2020-12-08   (M)2023-07-04



"Prompt Password for all open sessions The sudo command must be configured to prompt for the administrator user's password at least once in each newly opened Terminal window or remote login session, as this prevents a malicious user from taking advantage of an unlocked computer or an abandoned login session to bypass the normal password prompt requirement. Without the tty_tickets option, all open local and remote login sessions would be authenticated to use sudo without a password for the duration of the configured password timeout window."


Parameter:

[yes/no]


Technical Mechanism:

Fix:Edit the /etc/sudoers file to contain the line: Defaults tty_tickets

CCSS Severity:CCSS Metrics:
CCSS Score : 8.4Attack Vector: LOCAL
Exploit Score: 2.5Attack Complexity: LOW
Impact Score: 5.9Privileges Required: NONE
Severity: HIGHUser Interaction: NONE
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HScope: UNCHANGED
 Confidentiality: HIGH
 Integrity: HIGH
 Availability: HIGH
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:71688
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:67498


OVAL    2
oval:org.secpod.oval:def:71688
oval:org.secpod.oval:def:67498
XCCDF    2
xccdf_org.secpod_benchmark_general_Mac_OS_11
xccdf_org.secpod_benchmark_general_Mac_OS_X_10_15

© SecPod Technologies