Nutanix AOS must store only encrypted representations of passwords.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-254217 | NUTX-OS-001320 | SV-254217r846739_rule | High |
| Description |
|---|
| Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. |
| STIG | Date |
|---|---|
| Nutanix AOS 5.20.x OS Security Technical Implementation Guide | 2022-08-24 |
Details
| Check Text ( C-57702r846737_chk ) |
|---|
| Confirm Nutanix AOS is configured to store encrypted representation of passwords and that the encryption meets required standards. $ sudo grep -i encrypt /etc/login.defs ENCRYPT_METHOD SHA512 If the /etc/login.defs file does not contain the required output, this is a finding. $ sudo grep -i sha512 /etc/libuser.conf crypt_style = sha512 If the /etc/libuser.conf file does not contain the required output, this is a finding. |
| Fix Text (F-57653r846738_fix) |
|---|
| Configure the required password encryption requirements by running the following command. $ sudo salt-call state.sls security/CVM/pamCVM |