TOSS 5 must not have accounts configured with blank or null passwords.

Overview

Finding IDVersionRule IDIA ControlsSeverity
V-282741TOSS-05-000357SV-282741r1201203_ruleCCI-000366medium
Description
If an account has an empty password, anyone could log in and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments.
STIGDate
Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide2026-04-01

Details

Check Text (C-282741r1201203_chk)

Verify null or blank passwords cannot be used using the following command: $ sudo awk -F: '!$2 {print $1}' /etc/shadow If the command returns any results, this is a finding.

Fix Text (F-87207r1201202_fix)

Configure all accounts on TOSS 5 to have a password or lock the account using the following commands: Perform a password reset: $ sudo passwd [username] To lock an account: $ sudo passwd -l [username]