macOS 15 - Sequoia
The macOS system must disable password hints
STIG ID: APPL-15-003012 | SRG: SRG-OS-000079-GPOS-00047 | Severity: Medium | CCI: CCI-000206 | Vulnerability ID: V-268539
Description
Password hints must be disabled. Password hints leak information about passwords that are currently in use and can lead to loss of confidentiality.
Check
C-268539r1034557_chk
Verify the macOS system is configured to disable password hints with the following command:

/usr/bin/osascript -l JavaScript << EOS
$.NSUserDefaults.alloc.initWithSuiteName('com.apple.loginwindow')\
.objectForKey('RetriesUntilHint').js
EOS

If the result is not "0", this is a finding.
Fix
F-72470r1034556_fix
Configure the macOS system to disable password hints by installing the "com.apple.loginwindow" configuration profile.