An account with an empty password field means that anybody may log in as that user without providing a password. Therefore, it's recommended to either set strong passwords or disable the accounts if they're deemed unnecessary.
Severity
important
Category
Linux - User Account Management
Resolution
Follow the below steps to resolve the misconfiguration.
If any accounts in the /etc/shadow file do not have a password, run the following command
to lock the account until it can be determined why it does not have a password:
passwd -l
Also, check to see if the account is logged in and investigate what it is being used for to
determine if it needs to be forced off.
Potential issues that may arise after applying the resolution
Altering the existing security setting may create the following impact in your network operations.
Does remediation require reboot?
No
Vulnerability Manager Plus tracks security configurations and remediate misconfigurations in your network systems from a centralized console. View a list of all the security misconfigurations detected by Vulnerability Manager Plus.
