1.2 Password Security Policy - d) Check either of the following words exist in configuration file

Information

Strong passwords are supported to prevent passwords from being cracked. When a password is set, password complexity is detected by default. If a password does not meet the policy, a warning is required. A strong password mode should be provided. The password verification mechanism is as follows:

a) The default password length shouldn't be below 8 characters.
b) The password must include three of 'number', 'capital', 'lowercase' and 'special-character', or the 'character-set-num' value must be set to 3-4.
c) Configure 'strong-password dictionary' and 'same-consecutive' to avoid weak passwords.
d) Check whether any of the following phrases exist in the configuration file:
- Encrypt none
- Authentication null
- Encrypted null
- Encryption null
- Security-protocol noauth
- Encrypted noauth
e) If 'strong-password max-length' is not displayed in the configuration, then pass this check.
If 'strong-password max-length' is displayed in the configuration but the max-length value is below 10, or the 'username-related-chk inverse' and 'strong-password date-check enable' commands are not both configured, then fail this check.
f) The validity period of an account can be configured.

Solution

It is recommended that the configuration store passwords in ciphertext. Do not include the following phrases in the configuration:

- encrypt none
- authentication null
- encrypted null
- encryption null
- security-protocol noauth
- encrypted noauth
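
One way to run check d) offline against an exported configuration. This is an added example, not Tenable's or ZTE's own code. It assumes matching is case-insensitive and whitespace-tolerant (the page lists the phrases in both capitalised and lowercase form), and the sample configuration lines are constructed placeholders, not verified ROSNG syntax.

```python
import re

# Phrases listed in item d) and in the Solution section of this page.
INSECURE_PHRASES = [
    "encrypt none",
    "authentication null",
    "encrypted null",
    "encryption null",
    "security-protocol noauth",
    "encrypted noauth",
]

def _compile(phrase):
    # Assumption: case-insensitive match, any run of spaces/tabs between words.
    # The lookarounds stop hits inside longer tokens such as "unencrypted".
    words = [re.escape(w) for w in phrase.split()]
    return re.compile(r"(?<![\w-])" + r"\s+".join(words) + r"(?![\w-])",
                      re.IGNORECASE)

PATTERNS = [(p, _compile(p)) for p in INSECURE_PHRASES]

def find_insecure_phrases(config_text):
    """Return (line_number, phrase, stripped_line) for every hit."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        for phrase, pattern in PATTERNS:
            if pattern.search(line):
                findings.append((number, phrase, line.strip()))
    return findings

def check_passes(config_text):
    """Item d) passes only when none of the phrases appear."""
    return not find_insecure_phrases(config_text)

# Constructed sample input: placeholder lines, not verified ROSNG syntax.
SAMPLE_CONFIG = """\
hostname lab-router
example-service user alice Encrypted   NoAuth
example-service peer 192.0.2.1 authentication null
example-service description unencrypted nullable-field
example-service user bob encrypted auth-sha
"""

if __name__ == "__main__":
    for number, phrase, line in find_insecure_phrases(SAMPLE_CONFIG):
        print(f"FAIL line {number}: '{phrase}' in: {line}")
    print("PASSED" if check_passes(SAMPLE_CONFIG) else "FAILED")
```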

See Also

https://support.zte.com.cn/support/doccenter/DocumentProductHandBookDetail.aspx?sid=102&id=30768582&type=docfeedback

Item Details

Audit Name: Tenable ZTE ROSNG

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(c)

Plugin: ZTE_ROSNG

Control ID: 51a82fb55e07992e2b504a8cca28e3c0b268bd3837bcbce1410c67cd8102a981