Rule ID
SV-285316r1211176_rule
Version
V1R2
CCIs
If an account has an empty password, anyone could log on and run commands with the privileges of that account. Accounts with empty passwords must never be used in operational environments. Satisfies: SRG-OS-000106-GPOS-00053, SRG-OS-000480-GPOS-00229, SRG-OS-000480-GPOS-00228
If OpenSSH is not installed on the system, this requirement is not applicable. Verify system remote access using OpenSSH prevents logging on with a blank password with the following command: C:\ > Get-Content "$env:ProgramData\ssh\sshd_config" | Select-String -Pattern '^\s*PermitEmptyPasswords' PermitEmptyPasswords no If the "PermitEmptyPasswords" keyword is set to "yes", is missing, or is commented out, this is a finding.
To configure the system, add or modify the following line in the "$env:ProgramData/ssh/sshd_config" file: PermitEmptyPasswords no Restart the OpenSSH service for the settings to take effect.