Ubuntu OS must store only encrypted representations of passwords.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-275657 | RIIM-OS-611055 | SV-275657r1148272_rule | CCI-004062 | high |
| Description | ||||
| Passwords must be protected at all times and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. If the application allows the user to consecutively reuse their password when that password has exceeded its defined lifetime, the end result is a password that is not changed as per policy requirements. | ||||
| STIG | Date | |||
| Riverbed NetIM OS Security Technical Implementation Guide | 2025-10-02 | |||
Related Frameworks
6 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
IA-5(1)
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1714 mappings
3.5.10
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.5.7
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.5.8
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.5.9
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-004062
1.00
- DISA · V1R1 · disa_xccdf · related
Details
Check Text (C-275657r1148272_chk)
Verify the Ubuntu operating stores only encrypted representations of passwords with the following command:
$ grep pam_unix.so /etc/pam.d/common-password
password [success=1 default=ignore] pam_unix.so obscure sha512 shadow remember=5 rounds=100000
If "sha512" is missing from the "pam_unix.so" line, this is a finding.
Fix Text (F-79664r1148020_fix)
Configure Ubuntu OS to store encrypted representations of passwords.
Add or modify the following line in the "/etc/pam.d/common-password" file:
password [success=1 default=ignore] pam_unix.so obscure sha512 shadow remember=5 rounds=100000