IBM zVM CA VM:Secure product PASSWORD user exit must be in use.

From IBM z/VM Using CA VM:Secure Security Technical Implementation Guide

Part of SRG-OS-000078-GPOS-00046

Associated with: CCI-000192 CCI-000193 CCI-000194 CCI-000195 CCI-000198 CCI-000205 CCI-000366 CCI-001619

SV-93581r1_rule IBM zVM CA VM:Secure product PASSWORD user exit must be in use.

Vulnerability discussion

The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised.Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one factor of several that helps to determine strength and how long it takes to crack a password. Use of more characters in a password helps to exponentially increase the time and/or resources required to compromise the password.Satisfies: SRG-OS-000078-GPOS-00046, SRG-OS-000480-GPOS-00227, SRG-OS-000480-GPOS-00227, SRG-OS-000266-GPOS-00101, SRG-OS-000075-GPOS-00043, SRG-OS-000070-GPOS-00038, SRG-OS-000071-GPOS-00039, SRG-OS-000069-GPOS-00037, SRG-OS-000072-GPOS-00040

Check content

If there is no CA VM:Secure PASSWORD user exit in use, this is a finding. Review the CA VM:Secure Password user exit. If there is no code that enforces a minimum 8-character password, this is a finding. If there is no code that prohibits the use of all numbers in the new password, this is a finding. If there is no code that prohibits the use of user name in the new password, this is a finding. If there is no code that prohibits the use of userID in the new password, this is a finding. If there is no code that prohibits the use of consecutive repeated characters, this is a finding. If there is no code requiring that at least one special character be used in the new password, this is a finding. If there is no code that enforces 24 hours/1 day as the minimum password lifetime, this is a finding. If there is no code that enforces a minimum that at least one lowercase character is used in the new password, this is a finding. If there is no code that enforces a minimum that at least one numeric character is used in the new password, this is a finding. If there is no code that enforces a minimum that at least one uppercase character is used in the new password, this is a finding. If there is no code that enforces change of at least 50% of the total number of characters when passwords are changed, this is a finding.

Fix text

Configure a CA VM:Secure PASSWORD user exit that enforces a minimum 8-character password length. Ensure that the following macros are updated with proper PASSWORD user exit: FORCEPWC VMXCHGPW MAINT USE00080

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer