Disable Login to Other Users Active and Locked SessionsID: oval:org.secpod.oval:def:94791 | Date: (C)2023-11-27 (M)2023-11-28 |
Class: COMPLIANCE | Family: macos |
The ability to log in to another users active or locked session _MUST_ be disabled. macOS has a privilege that can be granted to any user that will allow that user to unlock active users sessions. Disabling the admins and/or users ability to log into another users active and locked session prevents unauthorized persons from viewing potentially sensitive and/or personal information.