The AIX SSH daemon must be configured to disable empty passwords.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-215302 | SRG-OS-000480-GPOS-00229 | AIX7-00-002120 | SV-215302r991591_rule | 2024-08-16 | 3 |
| Description |
|---|
| When password authentication is allowed, PermitEmptyPasswords specifies whether the server allows login to accounts with empty password strings. If an account has an empty password, anyone could log in and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments. |
| ℹ️ Check |
|---|
| Check the SSH daemon configuration for allowed empty passwords using command: # grep -i PermitEmptyPasswords /etc/ssh/sshd_config | grep -v '^#' PermitEmptyPasswords no If no lines are returned, or the returned "PermitEmptyPasswords" directive contains "yes", this is a finding. |
| ✔️ Fix |
|---|
| Edit "/etc/ssh/sshd_config" and add or edit the "PermitEmptyPasswords " line as: PermitEmptyPasswords no Save the change and restart ssh daemon: # stopsrc -s sshd # startsrc -s sshd |