1.2 Password Security Policy - e) Check for strong-password max-length

Information

Strong passwords are supported to prevent passwords from being cracked. When a password is set, password complexity is detected by default. If a password does not meet the policy, a warning is required. A strong password mode should be provided. The password verification mechanism is as follows:

a) The default password length shouldn't be below 8 characters.
b) The password must include either three of 'number', 'capital', 'lowercase', 'special-character' or set the 'character-set-num' value to 3-4
c) Configure 'strong-password dictionary' and 'same-consecutive' to avoid weak password
d) Check either of the following words exist in configuration file:
- Encrypt none
- Authentication null
- Encrypted null
- Encryption null
- Security-protocol noauth
- Encrypted noauth
e) If 'strong-password max-length' not displayed in configuration, then pass this check.
If 'strong-password max-length' displayed in configuration, but max-length value below 10, or not both configuration 'username-related-chk inverse' and 'strong-password date-check enable' commands, then fail this check.
f) The validity period of an account can be configured.

Solution

It is recommended to set the maximum password length to at least 10

ZXR10# configure terminal
ZXR10 (config)# system-user
ZXR10 (config-system-user)# strong-password max-length 64

See Also

https://support.zte.com.cn/support/doccenter/DocumentProductHandBookDetail.aspx?sid=102&id=30768582&type=docfeedback

Item Details

Audit Name: Tenable ZTE ROSNG

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(a)

Plugin: ZTE_ROSNG

Control ID: e63aa335392f085ce78e684c32c19370a3ea77751eebe4e05f7450f595e81e72