Ubuntu 22.04
Ubuntu 22.04 LTS must not have accounts configured with blank or null passwords
STIG ID:
UBTU-22-611065
|
SRG:
SRG-OS-000480-GPOS-00227
|
Severity:
High
|
CCI:
CCI-000366
|
Vulnerability ID:
V-260571
Description
If an account has an empty password, anyone could log on and run commands with the privileges of that account. Accounts with empty passwords must never be used in operational environments.
Check
C-64300r953524_chk
Verify all accounts on the system to have a password by using the following command: $ sudo awk -F: '!$2 {print $1}' /etc/shadow If the command returns any results, this is a finding.
Fix
F-64208r953525_fix
Configure all accounts on the system to have a password or lock the account by using the following commands: Set the account password: $ sudo passwd Or lock the account: $ sudo passwd -l