6.2.4 Ensure no legacy '+' entries exist in /etc/shadow - + entries exist in /etc/shadow
Information
The character + in various files used to be markers for systems to insert data from NIS maps at a certain point in a system configuration file. These entries are no longer required on most systems, but may exist in files that have been imported from other platforms. Rationale: These entries may provide an avenue for attackers to gain privileged access on the system.
Solution
Remove any legacy '+' entries from /etc/shadow if they exist.