STIGQter STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

The SUSE operating system must not be configured to allow blank or null passwords.

DISA Rule

SV-234898r622137_rule

Vulnerability Number

V-234898

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

SLES-15-020300

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure the SUSE operating system to not allow blank or null passwords.

Remove any instances of the "nullok" option in "/etc/pam.d/common-auth" and "/etc/pam.d/common-password" to prevent logons with empty passwords.

Check Contents

Verify the SUSE operating system is not configured to allow blank or null passwords.

Check that blank or null passwords cannot be used by running the following command:

> grep pam_unix.so /etc/pam.d/* | grep nullok

If this produces any output, it may be possible to log on with accounts with empty passwords.

If null passwords can be used, this is a finding.

Vulnerability Number

V-234898

Documentable

False

Rule Version

SLES-15-020300

Severity Override Guidance

Verify the SUSE operating system is not configured to allow blank or null passwords.

Check that blank or null passwords cannot be used by running the following command:

> grep pam_unix.so /etc/pam.d/* | grep nullok

If this produces any output, it may be possible to log on with accounts with empty passwords.

If null passwords can be used, this is a finding.

Check Content Reference

M

Target Key

5274

Comments