The macOS system must disable proximity-based password sharing requests.

STIG ID: APPL-14-005060  |  SRG: SRG-OS-000095-GPOS-00049 | Severity: medium |  CCI: CCI-000381

Vulnerability Discussion

Proximity-based password sharing requests must be disabled.

The default behavior of macOS is to allow users to request passwords from other known devices (macOS and
iOS). This feature must be disabled to prevent passwords from being shared.

Check

Verify the macOS system is configured to disable proximity-based password sharing
requests with the following command:

/usr/bin/osascript -l JavaScript << EOS
$.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationaccess')\
.objectForKey('allowPasswordProximityRequests').js
EOS

If the result is not "false", this is a finding.

Fix

Configure the macOS system to disable proximity-based password sharing
requests by installing the "com.apple.applicationaccess" configuration profile.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.