GEN001470 - The /etc/passwd file must not contain password hashes.

Information

If password hashes are readable by non-administrators, the passwords are subject to attack through lookup tables or cryptographic weaknesses in the hashes.

Solution

Migrate /etc/passwd password hashes to /etc/shadow.
# pwconv

See Also

http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R18_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(6), CAT|II, CCI|CCI-000201, Group-ID|V-22347, Rule-ID|SV-37381r2_rule, STIG-ID|GEN001470, Vuln-ID|V-22347

Plugin: Unix

Control ID: e0108ff7a95526fe9561e44688674b4052bf6b9c33eef6f81f9751ab5f6ba1cd