STIGQter: STIG Summary: Solaris 11 X86 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

Login must not be permitted with empty/null passwords for SSH.

DISA Rule

SV-216118r603268_rule

Vulnerability Number

V-216118

Group Title

SRG-OS-000480

Rule Version

SOL-11.1-040370

Severity

CAT I

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

The root role is required.

Modify the sshd_config file

# pfedit /etc/ssh/sshd_config

Locate the line containing:

PermitEmptyPasswords

Change it to:

PermitEmptyPasswords no

Restart the SSH service.

# svcadm restart svc:/network/ssh

Check Contents

Determine if empty/null passwords are allowed for the SSH service.

# grep "^PermitEmptyPasswords" /etc/ssh/sshd_config

If the output of this command is not:

PermitEmptyPasswords no

this is a finding.

Vulnerability Number

V-216118

Documentable

False

Rule Version

SOL-11.1-040370

Severity Override Guidance

Check Content Reference

Target Key

4021

Login must not be permitted with empty/null passwords for SSH.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments