GEN001470 - The /etc/passwd file must not contain password hashes.

Information

If password hashes are readable by non-administrators, the passwords are subject to attack through lookup tables or cryptographic weaknesses in the hashes.

Solution

Migrate /etc/passwd password hashes to /etc/shadow.

# pwconv

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_5_V2R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

References: 800-53|CM-6b., 800-53|IA-5(6), CAT|II, CCI|CCI-000201, CCI|CCI-000366, Rule-ID|SV-218306r603259_rule, STIG-ID|GEN001470, STIG-Legacy|SV-64581, STIG-Legacy|V-22347, Vuln-ID|V-218306

Plugin: Unix

Control ID: b594096f214f2c5537bd15b9c7a963ab62a27f37b0a9ef105481cc0370e90e81