macOS 15 - Sequoia
The macOS system must remove password hints from user accounts
STIG ID: APPL-15-003014 | SRG: SRG-OS-000079-GPOS-00047 | Severity: Medium | CCI: CCI-000206 | Vulnerability ID: V-268541
Description
User accounts must not contain password hints. Password hints leak information about passwords in use and can lead to loss of confidentiality.
Check
C-268541r1034563_chk
Verify the macOS system is configured to remove password hints from user accounts with the following command:

    HINT=$(/usr/bin/dscl . -list /Users hint | /usr/bin/awk '{ print $2 }')
    if [ -z "$HINT" ]; then
        echo "PASS"
    else
        echo "FAIL"
    fi

If the result is not "PASS", this is a finding.
Fix
F-72472r1034562_fix
Configure the macOS system to remove password hints from user accounts with the following command:

    for u in $(/usr/bin/dscl . -list /Users UniqueID | /usr/bin/awk '$2 > 500 {print $1}'); do
        /usr/bin/dscl . -delete /Users/$u hint
    done
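
The check above examines every account, while the fix loop only touches accounts with a UniqueID above 500, so a hint on a lower-numbered account keeps the check at "FAIL" after the fix has run. The following added example (not part of the STIG text; the function names and sample listings are hypothetical and constructed) reports which accounts carry a hint and whether the fix loop reaches them, without printing the hint itself:

```shell
#!/bin/sh
# Added example, not STIG text. Function and variable names are hypothetical.

# report_hints HINTS UIDS
#   HINTS: output of `/usr/bin/dscl . -list /Users hint`
#   UIDS:  output of `/usr/bin/dscl . -list /Users UniqueID`
# Prints "<account> uid=<n> <status>" for every account with a non-empty hint.
# The hint text is never printed, so the report does not leak it.
report_hints() {
    printf '%s\n---\n%s\n' "$2" "$1" | awk '
        $0 == "---" { hints = 1; next }      # separator between the two listings
        !hints      { uid[$1] = $2; next }   # first listing: account to UniqueID
        NF >= 2 {                            # second listing: text after the name is a hint
            u = ($1 in uid) ? uid[$1] : "unknown"
            s = (u != "unknown" && u + 0 > 500) ? "removed-by-fix-loop" : "skipped-by-fix-loop"
            print $1, "uid=" u, s
        }'
}

# audit_hints HINTS UIDS: prints PASS, or FAIL plus the accounts; returns 0 only on PASS.
audit_hints() {
    found=$(report_hints "$1" "$2")
    if [ -z "$found" ]; then echo "PASS"; return 0; fi
    echo "FAIL"; echo "$found"; return 1
}

# Constructed sample listings (not taken from a real host).
SAMPLE_UIDS='_www 70
root 0
alice 501
bob 502
svcadmin 499'
SAMPLE_HINTS='_www
root
alice name of first pet
bob
svcadmin same as laptop'

if [ -x /usr/bin/dscl ]; then
    # On macOS: audit the live directory listings.
    audit_hints "$(/usr/bin/dscl . -list /Users hint)" "$(/usr/bin/dscl . -list /Users UniqueID)" || true
else
    # Elsewhere: run against the constructed sample.
    audit_hints "$SAMPLE_HINTS" "$SAMPLE_UIDS" || true
fi
```

Any account reported as skipped-by-fix-loop still has its hint after the fix command runs.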