Vulnerability   
Search   
    Search 187964 CVE descriptions
and 85075 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.150267
Category:Policy
Title:Linux: minlen in pam_pwquality.so
Summary:The pam_pwquality module can be plugged into the password stack;of a given service to provide some plug-in strength-checking for passwords. The code was originally;based on pam_cracklib module and the module is backwards compatible with its options.;; - minlen: The minimum acceptable size for the new password (plus one if credits are not disabled;which is the default). In addition to the number of characters in the new password, credit (of +1;in length) is given for each different kind of character (other, upper, lower and digit). The;default for this parameter is 9. Note that there is a pair of length limits also in Cracklib, which;is used for dictionary checking, a 'way too short' limit of 4 which is hard coded in and a build;time defined limit (6) that will be checked without reference to minlen.
Description:Summary:
The pam_pwquality module can be plugged into the password stack
of a given service to provide some plug-in strength-checking for passwords. The code was originally
based on pam_cracklib module and the module is backwards compatible with its options.

- minlen: The minimum acceptable size for the new password (plus one if credits are not disabled
which is the default). In addition to the number of characters in the new password, credit (of +1
in length) is given for each different kind of character (other, upper, lower and digit). The
default for this parameter is 9. Note that there is a pair of length limits also in Cracklib, which
is used for dictionary checking, a 'way too short' limit of 4 which is hard coded in and a build
time defined limit (6) that will be checked without reference to minlen.

CVSS Score:
0.0

CVSS Vector:
AV:L/AC:H/Au:S/C:N/I:N/A:N

CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.