Minimum password age is not set to be at least 7 days
Description
Users are prompted to change their password once the maximum password age is reached. If the minimum password age is not configured, a user can change the password repeatedly until the old password drops out of the password history. This allows the user to set the old, easy-to-remember password again within minutes. To prevent this, users must not be allowed to change a new password for at least 7 days. The PASS_MIN_DAYS parameter in the /etc/login.defs file allows an administrator to prevent users from changing their password until a minimum number of days have passed since the last password change. Fixing this misconfiguration ensures the PASS_MIN_DAYS parameter is set to 7 days and changes the minimum days for existing misconfigured users.
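The check described above can be reproduced by hand. The shell script below is an added example, not the product's own detection logic; the function names and the sample files are constructed for illustration. It reads PASS_MIN_DAYS from a login.defs-style file and each account's minimum age from field 4 of a shadow-style file.

```shell
#!/bin/sh
# Added example: audit minimum password age (not the vendor's own check).
MIN_REQUIRED=7

# Effective PASS_MIN_DAYS from a login.defs-style file; empty if unset.
# Assumption: if the key appears more than once, the last line is reported.
login_defs_min_days() {
    awk '$1 == "PASS_MIN_DAYS" { v = $2 } END { if (v != "") print v }' "$1"
}

# Accounts in a shadow-style file that have a password hash (field 2 starts
# with "$") and a minimum age (field 4) below MIN_REQUIRED. Prints user:days.
users_below_min_age() {
    awk -F: -v min="$MIN_REQUIRED" \
        '$2 ~ /^\$/ && ($4 + 0) < min { print $1 ":" ($4 == "" ? "unset" : $4) }' "$1"
}

# $1 = login.defs path, $2 = shadow path. Returns 0 only if both checks pass.
audit_min_age() {
    rc=0
    v=$(login_defs_min_days "$1")
    case "$v" in
        ''|*[!0-9]*) echo "FAIL PASS_MIN_DAYS is not set in $1"; rc=1 ;;
        *) if [ "$v" -ge "$MIN_REQUIRED" ]; then echo "PASS PASS_MIN_DAYS=$v"
           else echo "FAIL PASS_MIN_DAYS=$v (want >= $MIN_REQUIRED)"; rc=1; fi ;;
    esac
    for entry in $(users_below_min_age "$2"); do
        u=${entry%%:*}
        echo "FAIL $u min age ${entry#*:} (fix: chage --mindays $MIN_REQUIRED $u)"
        rc=1
    done
    return "$rc"
}

# Constructed sample files so the example runs offline and unprivileged.
SAMPLE=$(mktemp -d) && trap 'rm -rf "$SAMPLE"' EXIT
cat > "$SAMPLE/login.defs" <<'EOF'
# PASS_MIN_DAYS 7
PASS_MAX_DAYS 90
PASS_MIN_DAYS 0
EOF
cat > "$SAMPLE/shadow" <<'EOF'
root:$6$constructed$hash:19800:7:90:7:::
alice:$6$constructed$hash:19800:0:90:7:::
bob:$6$constructed$hash:19800::90:7:::
daemon:*:19800:0:99999:7:::
EOF
audit_min_age "$SAMPLE/login.defs" "$SAMPLE/shadow" || echo "non-compliant"
```

On a real host, call audit_min_age with /etc/login.defs and /etc/shadow as root. Changing PASS_MIN_DAYS only affects accounts created afterwards, which is why existing accounts are checked separately.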
Severity
important
Category
Linux - Password Policies
Resolution
Fix not available
Potential issues that may arise after applying the resolution
Altering the existing security setting may create the following impact in your network operations.
Does remediation require reboot?
No
Vulnerability Manager Plus tracks security configurations and remediates misconfigurations in your network systems from a centralized console. View a list of all the security misconfigurations detected by Vulnerability Manager Plus.