GEN001470 - The /etc/passwd file must not contain password hashes.

Information

If password hashes are readable by non-administrators, the passwords are subject to attack through lookup tables or cryptographic weaknesses in the hashes.

Solution

Migrate /etc/passwd password hashes to /etc/shadow.
# pwconv

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SOL_10_SPARC_V2R4_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(c), CAT|II, CCI|CCI-000196, Rule-ID|SV-226528r603265_rule, STIG-ID|GEN001470, STIG-Legacy|SV-26467, STIG-Legacy|V-22347, Vuln-ID|V-226528

Plugin: Unix

Control ID: 8aaa1214d03eae538c1dbddc90eebccfb033416064b5471cb1eff5e7eef8e6dd