The operating system must store only encrypted representations of passwords.

STIG ID: SRG-OS-000073-GPOS-00041  |  SRG: SRG-OS-000073 | Severity: medium |  CCI: CCI-000196

Vulnerability Discussion

Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised.

Check

Verify the operating system stores only encrypted representations of passwords. If it does not, this is a finding.

Fix

Configure the operating system to store only encrypted representations of passwords.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.