← Back to Apple macOS 12 (Monterey) Security Technical Implementation Guide

V-252525

CAT II (Medium)

The macOS system must be configured to prevent displaying password hints.

Rule ID

SV-252525r991589_rule

STIG

Apple macOS 12 (Monterey) Security Technical Implementation Guide

Version

V1R9

CCIs

CCI-000366

Discussion

Password hints leak information about passwords in use and can lead to loss of confidentiality.

Check Content

To check that password hints are disabled, run the following command:

/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep RetriesUntilHint

If the return is null or is not "RetriesUntilHint = 0", this is a finding.

Fix Text

This setting is enforce using the "Login Window" Policy.