APPL-14-003014 - The macOS system must remove password hints from user accounts.

Information

User accounts must not contain password hints. Password hints leak information about passwords that are currently in use and can lead to loss of confidentiality.

Solution

Configure the macOS system to remove password hints from user accounts with the following command:

for u in $(/usr/bin/dscl . -list /Users UniqueID | /usr/bin/awk '$2 > 500 {print $1}'); do
/usr/bin/dscl . -delete /Users/$u hint
done

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apple_macOS_14_V1R2_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000206, Rule-ID|SV-259544r941254_rule, STIG-ID|APPL-14-003014, Vuln-ID|V-259544

Plugin: Unix

Control ID: d2eb0c701eb62c5d7abc5cd39de7af9596d4918eeea2c39c2e87c65cddb7d0eb