UBTU-24-400220 - Ubuntu 24.04 LTS must store only encrypted representations of passwords.

Information

Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to consecutively reuse their password when that password has exceeded its defined lifetime, the end result is a password that is not changed per policy requirements.

Solution

Configure Ubuntu 24.04 LTS to store encrypted representations of passwords.

Add or modify the "sha512" parameter in the following line of the "/etc/pam.d/common-password" file:

password [success=1 default=ignore] pam_unix.so obscure sha512 shadow remember=5 rounds=100000
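
One way to verify the setting above, as an added example that is not part of the STIG or the audit plugin: the function names and all sample data are constructed for illustration. It goes one step beyond the page by also listing accounts whose stored hash lacks the "$6$" (sha512crypt) prefix, since pam_unix.so applies the option only when a password is next changed.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed.

# Return 0 only if at least one active "password" line uses pam_unix.so
# and every such line carries the sha512 option.
check_pam_sha512() {
    awk '
        $1 == "password" && /pam_unix\.so/ {   # comment lines have $1 = "#..."
            found = 1; ok = 0
            for (i = 2; i <= NF; i++) if ($i == "sha512") ok = 1
            if (!ok) bad = 1
        }
        END { exit (found && !bad) ? 0 : 1 }
    ' "$1"
}

# Print accounts in a shadow-format file whose stored hash does not
# start with "$6$" (sha512crypt).
list_non_sha512() {
    awk -F: '
        {
            h = $2
            sub(/^!+/, "", h)               # drop the lock marker, keep the hash
            if (h == "" || h == "*") next   # no hash stored for this account
            if (substr(h, 1, 3) != "$6$") print $1
        }
    ' "$1"
}

# Constructed sample files so the example runs offline.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# password required pam_unix.so md5' \
      'password [success=1 default=ignore] pam_unix.so obscure sha512 shadow remember=5 rounds=100000' > "$d/compliant"
    printf '%s\n' 'password [success=1 default=ignore] pam_unix.so obscure yescrypt' > "$d/noncompliant"
    printf '%s\n' 'alice:$6$constructedsalt$constructedhash:19800:0:99999:7:::' \
      'bob:$1$constructedsalt$constructedhash:19800:0:99999:7:::' \
      'carol:!$6$constructedsalt$constructedhash:19800:0:99999:7:::' \
      'daemon:*:19800:0:99999:7:::' > "$d/shadow"
    check_pam_sha512 "$d/compliant" && echo "compliant: sha512 set"
    check_pam_sha512 "$d/noncompliant" || echo "noncompliant: sha512 missing"
    echo "accounts without a sha512crypt hash: $(list_non_sha512 "$d/shadow")"
    rm -rf "$d"
}
demo
```

On a host, call `check_pam_sha512 /etc/pam.d/common-password`; reading /etc/shadow for `list_non_sha512` requires root.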

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_CAN_Ubuntu_24-04_LTS_V1R1_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(d), CAT|II, CCI|CCI-004062, Rule-ID|SV-270725r1066664_rule, STIG-ID|UBTU-24-400220, Vuln-ID|V-270725

Plugin: Unix

Control ID: b0b3105d32e8e40b6b993f0d211eb4e9f1a6e0b4fe68efe60ab69cbe90a79fa2