Users are not restricted from reusing their last 5 passwords
Description
Preventing users from reusing their last 5 passwords makes it less likely that an attacker can guess a password. Pluggable Authentication Modules (PAM) stores users' old passwords in the /etc/security/opasswd file, which can be checked to ensure that users are not recycling recent passwords. Fixing this misconfiguration alters the PAM configuration so that users are restricted from reusing their last 5 passwords.
Severity
important
Category
Linux - Password Policies
Resolution
Follow the steps below to resolve the misconfiguration.
On a Debian-based distribution, open the file /etc/pam.d/common-password; on a Red Hat-based distribution, open the file /etc/pam.d/system-auth. Add the following line:
password required pam_pwhistory.so remember=5
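To verify the change, the following added example (not part of the original page or the product) audits a PAM file for the line above. The function name audit_pwhistory and the sample stacks are constructed for illustration. The ordering check goes beyond the page: PAM evaluates lines in file order, so a history line placed after pam_unix.so is consulted only after pam_unix.so has already handled the change.

```shell
#!/bin/sh
# audit_pwhistory FILE [MIN]: exit 0 if the password stack in FILE has an
# explicit pam_pwhistory.so remember=N with N >= MIN (default 5), placed
# before the first pam_unix.so line; exit 1 otherwise.
audit_pwhistory() {
    awk -v min="${2:-5}" '
        /^[ \t]*#/ { next }              # ignore commented-out lines
        $1 != "password" { next }        # only the password stack matters
        /pam_unix\.so/ && !unix_line { unix_line = NR }
        /pam_pwhistory\.so/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^remember=[0-9]+$/) {
                    split($i, kv, "=")
                    remember = kv[2] + 0
                    hist_line = NR
                }
        }
        END {
            if (!hist_line) { print "FAIL: no pam_pwhistory.so line with remember=N"; exit 1 }
            if (remember < min) { print "FAIL: remember=" remember " is below " min; exit 1 }
            if (unix_line && hist_line > unix_line) {
                print "FAIL: pam_pwhistory.so comes after pam_unix.so"; exit 1
            }
            print "PASS: remember=" remember
        }
    ' "$1"
}

# Constructed sample stacks (not taken from a real host).
demo_dir=$(mktemp -d)
printf '%s\n' \
    'password required pam_pwhistory.so remember=5' \
    'password [success=1 default=ignore] pam_unix.so obscure yescrypt' \
    > "$demo_dir/good"
printf '%s\n' \
    'password [success=1 default=ignore] pam_unix.so obscure yescrypt' \
    'password required pam_pwhistory.so remember=5' \
    > "$demo_dir/misordered"
printf '%s\n' 'password required pam_pwhistory.so remember=3' > "$demo_dir/short"
for f in good misordered short; do
    printf '%s: ' "$f"
    audit_pwhistory "$demo_dir/$f" || true
done
rm -rf "$demo_dir"
```

On a real host, pass /etc/pam.d/common-password or /etc/pam.d/system-auth as the file argument.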
Potential issues that may arise after applying the resolution
Altering the existing security setting may create the following impact in your network operations.
Does remediation require reboot?
No
Vulnerability Manager Plus tracks security configurations and remediates misconfigurations in your network systems from a centralized console.