STIGQter: STIG Summary: Solaris 11 X86 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The system must require at least eight characters be changed between the old and new passwords during a password change.

DISA Rule

SV-216091r603268_rule

Vulnerability Number

V-216091

Group Title

SRG-OS-000072

Rule Version

SOL-11.1-040060

Severity

CAT II

CCI(s)

CCI-000195 - The information system, for password-based authentication, when new passwords are created, enforces that at least an organization-defined number of characters are changed.

Weight

Fix Recommendation

The root role is required.

# pfedit /etc/default/passwd

Search for MINDIFF. Change the line to read:

MINDIFF=8

Check Contents

Check /etc/default/passwd to verify the MINDIFF setting.

# grep ^MINDIFF /etc/default/passwd

If the setting is not present, or is less than 8, this is a finding.

Vulnerability Number

V-216091

Documentable

False

Rule Version

SOL-11.1-040060

Severity Override Guidance

Check /etc/default/passwd to verify the MINDIFF setting.

# grep ^MINDIFF /etc/default/passwd

If the setting is not present, or is less than 8, this is a finding.

Check Content Reference

Target Key

4021

The system must require at least eight characters be changed between the old and new passwords during a password change.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments