View the security misconfiguration catalog
  • Misconfiguration Name
  • Secure password length (at least 14 characters) and password complexity are not enforced.
  • Description
  • Passwords shorter than 14 characters that use only alphanumeric characters are weak and therefore easy to crack. The pam_cracklib.so shared library of the Pluggable Authentication Module (PAM) framework enforces password strength on Linux systems. Fixing this misconfiguration alters the PAM configuration so that the minimum password length is 14 characters, the password is not a dictionary word, and it contains a mix of character classes (lower case, upper case, digits and other special characters). This makes it considerably harder for a brute force attack to guess the password.
  • Severity
  • important
  • Category
  • Linux - Password Policies
  • Resolution
  • Follow the steps below to resolve the misconfiguration. On a Debian-based distribution, open the file /etc/pam.d/common-password; on a Red Hat-based distribution, open the file /etc/pam.d/system-auth. Add the following line: "password required pam_cracklib.so try_first_pass retry=3 minlen=14 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1"
  • Potential issues that may arise after applying the resolution
  • Altering the existing security setting may have the following impact on your network operations.
  • Does remediation require reboot?
  • No
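The resolution above names one configuration line; the check a practitioner wants is whether the PAM password stack actually carries it with the required values. The following audit script is an added example and is not part of the catalog entry or of any vendor tooling. It parses the `password` lines of a PAM configuration file (the sample file contents are constructed for illustration), finds the `pam_cracklib.so` entry, and reports every way in which it falls short of the catalog requirement: `minlen` below 14 or the `dcredit`, `ucredit`, `ocredit` and `lcredit` options missing or non-negative (in pam_cracklib a negative credit value is a required minimum count of that character class, a positive value only grants credit toward `minlen`). The function and constant names are this example's own.

```python
import re

# Constructed sample contents of /etc/pam.d/common-password (not from a real host):
# the weak stack enforces only 8 characters and no character classes.
SAMPLE_WEAK = """
# /etc/pam.d/common-password - constructed sample
password requisite pam_cracklib.so retry=3 minlen=8 difok=3
password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
"""

# Constructed sample after applying the catalog resolution line.
SAMPLE_FIXED = """
password required pam_cracklib.so try_first_pass retry=3 minlen=14 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1
password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
"""

REQUIRED_MIN_LEN = 14
REQUIRED_CREDITS = ("dcredit", "ucredit", "ocredit", "lcredit")


def parse_pam_lines(text):
    """Yield (type, control, module, options) for every non-comment PAM line.

    The control field may be a bare keyword (required, requisite, ...) or a
    bracketed action list such as [success=1 default=ignore].
    """
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$", line)
        if not m:
            continue
        ptype, control, module, rest = m.groups()
        # Module options are "key" or "key=value" tokens; flags get an empty value.
        opts = {}
        for tok in rest.split():
            key, _, val = tok.partition("=")
            opts[key] = val
        yield ptype, control, module, opts


def audit_cracklib(text):
    """Return a list of findings; an empty list means the requirement is met."""
    findings = []
    entries = [
        e for e in parse_pam_lines(text)
        if e[0] == "password" and e[2] == "pam_cracklib.so"
    ]
    if not entries:
        return ["no 'password ... pam_cracklib.so' line present"]

    # Audit the first pam_cracklib.so entry; PAM evaluates the stack in order.
    _, _, _, opts = entries[0]

    try:
        minlen = int(opts.get("minlen", ""))
    except ValueError:
        minlen = None
    if minlen is None:
        findings.append("minlen not set")
    elif minlen < REQUIRED_MIN_LEN:
        findings.append(f"minlen={minlen} is below the required {REQUIRED_MIN_LEN}")

    for credit in REQUIRED_CREDITS:
        try:
            value = int(opts.get(credit, ""))
        except ValueError:
            findings.append(f"{credit} not set")
            continue
        # A negative credit is a hard minimum for that character class;
        # zero or positive values do not require the class at all.
        if value >= 0:
            findings.append(f"{credit}={value} does not require that character class")
    return findings


def audit_file(path):
    """Audit a real PAM file, e.g. /etc/pam.d/common-password or /etc/pam.d/system-auth."""
    with open(path, encoding="utf-8") as fh:
        return audit_cracklib(fh.read())


if __name__ == "__main__":
    for name, sample in (("weak", SAMPLE_WEAK), ("fixed", SAMPLE_FIXED)):
        result = audit_cracklib(sample)
        print(f"{name}: {'OK' if not result else result}")
```

Run `audit_file("/etc/pam.d/common-password")` (or the system-auth path on Red Hat-based systems) to check a host after remediation; an empty list confirms the line is present with the catalog's values, and each string in a non-empty list names one setting still to fix.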