← Back to Apple macOS 13 (Ventura) Security Technical Implementation Guide

V-257231

CAT II (Medium)

The macOS system must be configured to prevent displaying password hints.

Rule ID

SV-257231r991589_rule

STIG

Apple macOS 13 (Ventura) Security Technical Implementation Guide

Version

V1R5

CCIs

CCI-000366

Discussion

Password hints leak information about passwords in use and can lead to loss of confidentiality.

Check Content

Verify the macOS system is configured to prevent displaying passwords hints with the following command:

/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep "RetriesUntilHint"

RetriesUntilHint = 0;

If "RetriesUntilHint" is not set to "0", this is a finding.

Fix Text

Configure the macOS system to prevent displaying password hints by installing the "Login Window Policy" configuration profile.