Disable Login to Other Users Active and Locked SessionsID: oval:org.secpod.oval:def:80331 | Date: (C)2022-05-30 (M)2023-07-04 |
Class: COMPLIANCE | Family: macos |
The ability to log in to another users active or locked session _MUST_ be disabled.
macOS has a privilege that can be granted to any user that will allow that user to unlock active users sessions. Disabling the admins and/or users ability to log into another users active and locked session prevents unauthorized persons from viewing potentially sensitive and/or personal information.