  • Misconfiguration Name
  • Users are not restricted from reusing their last 5 passwords
  • Description
  • Forcing users not to reuse their past 5 passwords makes it less likely for an attacker to guess the password. The /etc/security/opasswd file in Pluggable Authentication Module (PAM) stores the users' old passwords and can be checked to ensure that users are not recycling recent passwords. Fixing this misconfiguration alters the PAM configuration so that users are restricted from reusing their last 5 passwords.
  • Severity
  • important
  • Category
  • Linux - Password Policies
  • Resolution
  • Follow the steps below to resolve the misconfiguration. On a Debian-based distribution, open the file /etc/pam.d/common-password; on a Red Hat-based distribution, open the file /etc/pam.d/system-auth. Add the following line: "password required pam_pwhistory.so remember=5"
  • Potential issues that may arise after applying the resolution
  • Altering the existing security setting may create the following impact in your network operations.
  • Does remediation require reboot?
  • No
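
One way to verify that the resolution above is in place, as an added example that is not part of the original catalog entry: the script reads a PAM password stack and checks for an active pam_pwhistory.so line whose remember value is at least 5. The function names and the sample files are constructed for illustration; on a real host, point check_pwhistory at /etc/pam.d/common-password or /etc/pam.d/system-auth.

```shell
#!/bin/sh
# Print the remember= value of the first active pam_pwhistory.so line in the
# password stack of FILE; print nothing if no such line or no remember= on it.
pwhistory_remember() {
    awk '
        /^[ \t]*#/ { next }                          # skip commented-out lines
        ($1 == "password" || $1 == "-password") && /pam_pwhistory\.so/ {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^remember=[0-9]+$/) {
                    sub(/^remember=/, "", $i); print $i; exit
                }
            exit                                     # module present, no remember=
        }
    ' "$1"
}

# Return 0 when FILE enforces a history of at least MIN passwords (default 5).
check_pwhistory() {
    value=$(pwhistory_remember "$1")
    [ -n "$value" ] && [ "$value" -ge "${2:-5}" ]
}

# Constructed sample files (not taken from a real host).
sample_dir=$(mktemp -d)
printf '%s\n' \
    '# password required pam_pwhistory.so remember=5' \
    'password requisite pam_pwquality.so retry=3' \
    'password required pam_pwhistory.so remember=5' \
    'password sufficient pam_unix.so sha512 shadow use_authtok' \
    > "$sample_dir/compliant"
printf '%s\n' \
    '# password required pam_pwhistory.so remember=5' \
    'password sufficient pam_unix.so sha512 shadow' \
    > "$sample_dir/commented-out"
printf '%s\n' \
    'password required pam_pwhistory.so remember=2 use_authtok' \
    > "$sample_dir/too-short"

for f in compliant commented-out too-short; do
    if check_pwhistory "$sample_dir/$f"; then
        echo "$f: PASS"
    else
        echo "$f: FAIL (remember='$(pwhistory_remember "$sample_dir/$f")')"
    fi
done
```

The check fails both when the line is only present as a comment and when remember is set below 5, the two cases a simple text search for pam_pwhistory.so would miss.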