Bug 1167 - Password Change Policy Enforcement Deficiency || EAL2 ||

Review Request #451 — Created Sept. 12, 2024 and updated

timlai
APV10
rel_apv_10_7
1167
kevin.poh, rreddy, weikai

Root Cause:
The current password change mechanism lacks robust enforcement of password complexity requirements.
The system permits an indefinite number of attempts to set a new password, even when it fails to meet established complexity criteria.
This deficiency poses a potential security risk.

Solution:
Limit the user to a maximum of five failed password change attempts; after that, the user needs to wait 300 seconds.

AN(config)#passwd forcemode on

AN(config)#passwd user array aaa
Invalid password! It must contain at least 8 characters.
The user "array" will be locked if it fails to change password in more than 4 consecutive times.
Failed to execute "passwd user array aaa"

AN(config)#passwd user array aaabbb
Invalid password! It must contain at least 8 characters.
The user "array" will be locked if it fails to change password in more than 3 consecutive times.
Failed to execute "passwd user array aaabbb"

AN(config)#passwd user array aaabbbccc
Weak password: it must be at least 8 characters in length and consist of a combination of three of the following: uppercase, lowercase, numeric and special character.
set password failed.
The user "array" will be locked if it fails to change password in more than 2 consecutive times.
Failed to execute "passwd user array aaabbbccc"

AN(config)#passwd user array aaabbbccc
Weak password: it must be at least 8 characters in length and consist of a combination of three of the following: uppercase, lowercase, numeric and special character.
set password failed.
The user "array" will be locked if it fails to change password in more than 1 consecutive times.
Failed to execute "passwd user array aaabbbccc"

AN(config)#passwd user array aaabbbccc
Weak password: it must be at least 8 characters in length and consist of a combination of three of the following: uppercase, lowercase, numeric and special character.
set password failed.
The user "array" has failed to change password in more than 5 consecutive times and has been locked.
Please retry after 300 seconds.
Failed to execute "passwd user array aaabbbccc"

AN(config)#passwd user array aaabbbccc
The user "array" has failed to change password in more than 5 consecutive times and has been locked.
Please retry after 297 seconds.
Failed to execute "passwd user array aaabbbccc"
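
The lockout behaviour shown in the session above, modelled as an added Python example (not code from this review request or from the product). The names `meets_policy` and `PasswordChangeLimiter` are hypothetical. It assumes that a successful change or an expired lock resets the counter, that a locked user is refused before the new password is checked, and that "special character" means ASCII punctuation; the session does not show any of these.

```python
import string

MAX_FAILURES = 5     # from the session: locked on the fifth consecutive failure
LOCK_SECONDS = 300   # from the session: "Please retry after 300 seconds."

def meets_policy(pw):
    """At least 8 characters and three of the four character classes."""
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),  # assumed "special" set
    ]
    return len(pw) >= 8 and sum(classes) >= 3

class PasswordChangeLimiter:
    """Per-user counter of consecutive failed password changes."""

    def __init__(self, clock):
        self.clock = clock        # callable returning seconds, injectable for tests
        self.failures = {}        # user -> consecutive failures
        self.locked_until = {}    # user -> time at which the lock expires

    def attempt(self, user, new_password):
        """Return ("ok", 0), ("rejected", tries_left) or ("locked", seconds_left)."""
        now = self.clock()
        until = self.locked_until.get(user)
        if until is not None:
            if now < until:
                # Retrying while locked does not restart the timer (300 -> 297).
                return ("locked", int(until - now))
            del self.locked_until[user]
            self.failures[user] = 0           # assumption: expiry clears the count
        if meets_policy(new_password):
            self.failures[user] = 0           # assumption: success clears the count
            return ("ok", 0)
        count = self.failures.get(user, 0) + 1
        self.failures[user] = count
        if count >= MAX_FAILURES:
            self.locked_until[user] = now + LOCK_SECONDS
            return ("locked", LOCK_SECONDS)
        return ("rejected", MAX_FAILURES - count)
```

Keeping the counter per target user rather than per session matters here: otherwise reconnecting would reset the attempt count.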
