Policy : Linux: minlen in pam

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.150267

Category: Policy

Title: Linux: minlen in pam_pwquality.so

Summary: The pam_pwquality module can be plugged into the password stack;of a given service to provide some plug-in strength-checking for passwords. The code was originally;based on pam_cracklib module and the module is backwards compatible with its options.;; - minlen: The minimum acceptable size for the new password (plus one if credits are not disabled;which is the default). In addition to the number of characters in the new password, credit (of +1;in length) is given for each different kind of character (other, upper, lower and digit). The;default for this parameter is 9. Note that there is a pair of length limits also in Cracklib, which;is used for dictionary checking, a 'way too short' limit of 4 which is hard coded in and a build;time defined limit (6) that will be checked without reference to minlen.

Description: Summary:
The pam_pwquality module can be plugged into the password stack
of a given service to provide some plug-in strength-checking for passwords. The code was originally
based on pam_cracklib module and the module is backwards compatible with its options.

- minlen: The minimum acceptable size for the new password (plus one if credits are not disabled
which is the default). In addition to the number of characters in the new password, credit (of +1
in length) is given for each different kind of character (other, upper, lower and digit). The
default for this parameter is 9. Note that there is a pair of length limits also in Cracklib, which
is used for dictionary checking, a 'way too short' limit of 4 which is hard coded in and a build
time defined limit (6) that will be checked without reference to minlen.

CVSS Score:
0.0

CVSS Vector:
AV:L/AC:H/Au:S/C:N/I:N/A:N

Copyright Copyright (C) 2020 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.150267
Category:	Policy
Title:	Linux: minlen in pam_pwquality.so
Summary:	The pam_pwquality module can be plugged into the password stack;of a given service to provide some plug-in strength-checking for passwords. The code was originally;based on pam_cracklib module and the module is backwards compatible with its options.;; - minlen: The minimum acceptable size for the new password (plus one if credits are not disabled;which is the default). In addition to the number of characters in the new password, credit (of +1;in length) is given for each different kind of character (other, upper, lower and digit). The;default for this parameter is 9. Note that there is a pair of length limits also in Cracklib, which;is used for dictionary checking, a 'way too short' limit of 4 which is hard coded in and a build;time defined limit (6) that will be checked without reference to minlen.
Description:	Summary: The pam_pwquality module can be plugged into the password stack of a given service to provide some plug-in strength-checking for passwords. The code was originally based on pam_cracklib module and the module is backwards compatible with its options. - minlen: The minimum acceptable size for the new password (plus one if credits are not disabled which is the default). In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (other, upper, lower and digit). The default for this parameter is 9. Note that there is a pair of length limits also in Cracklib, which is used for dictionary checking, a 'way too short' limit of 4 which is hard coded in and a build time defined limit (6) that will be checked without reference to minlen. CVSS Score: 0.0 CVSS Vector: AV:L/AC:H/Au:S/C:N/I:N/A:N
Copyright	Copyright (C) 2020 Greenbone Networks GmbH