STIGQter STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The SUSE operating system must not be configured to allow blank or null passwords.

DISA Rule

SV-217125r603262_rule

Vulnerability Number

V-217125

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

SLES-12-010231

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the SUSE operating system to not allow blank or null passwords.

Remove any instances of the "nullok" option in "/etc/pam.d/common-auth" and "/etc/pam.d/common-password" to prevent logons with empty passwords.

Check Contents

Verify the SUSE operating is not configured to allow blank or null passwords.

Check that blank or null passwords cannot be used by running the following command:

# grep pam_unix.so /etc/pam.d/* | grep nullok
If this produces any output, it may be possible to log on with accounts with empty passwords.

If null passwords can be used, this is a finding.

Vulnerability Number

V-217125

Documentable

False

Rule Version

SLES-12-010231

Severity Override Guidance

Verify the SUSE operating is not configured to allow blank or null passwords.

Check that blank or null passwords cannot be used by running the following command:

# grep pam_unix.so /etc/pam.d/* | grep nullok
If this produces any output, it may be possible to log on with accounts with empty passwords.

If null passwords can be used, this is a finding.

Check Content Reference

M

Target Key

4033

Comments