STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide

V-258853

CAT II (Medium)

The Photon operating system must prevent the use of dictionary words for passwords.

Rule ID

SV-258853r933620_rule

STIG

VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000366

Discussion

If the operating system allows the user to select passwords based on dictionary words, then this increases the chances of password compromise by increasing the opportunity for successful guesses and brute-force attacks.

Check Content

At the command line, run the following command to verify passwords do not match dictionary words:

# grep '^password.*pam_pwquality.so' /etc/pam.d/system-password

Example result:

password  requisite   pam_pwquality.so  dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minlen=15 difok=8 enforce_for_root dictcheck=1

If the "dictcheck" option is not set to 1, is missing or commented out, this is a finding.

Fix Text

Navigate to and open:

/etc/pam.d/system-password

Configure the pam_pwquality.so line to have the "dictcheck" option set to "1" as follows:

password  requisite   pam_pwquality.so  dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minlen=15 difok=8 enforce_for_root dictcheck=1

Note: On vCenter appliances, the equivalent file must be edited under "/etc/applmgmt/appliance", if one exists, for the changes to persist after a reboot.