STIGQter: STIG Summary: Solaris 11 SPARC Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

Login must not be permitted with empty/null passwords for SSH.

DISA Rule

SV-216355r603267_rule

Vulnerability Number

V-216355

Group Title

SRG-OS-000480

Rule Version

SOL-11.1-040370

Severity

CAT I

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

The root role is required.

Modify the sshd_config file

# pfedit /etc/ssh/sshd_config

Locate the line containing:

PermitEmptyPasswords

Change it to:

PermitEmptyPasswords no

Restart the SSH service.

# svcadm restart svc:/network/ssh

Check Contents

Determine if empty/null passwords are allowed for the SSH service.

# grep "^PermitEmptyPasswords" /etc/ssh/sshd_config

If the output of this command is not:

PermitEmptyPasswords no

this is a finding.

Vulnerability Number

V-216355

Documentable

False

Rule Version

SOL-11.1-040370

Severity Override Guidance

Check Content Reference

Target Key

4022

Login must not be permitted with empty/null passwords for SSH.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments