CME-802

Password Quality Enforcement (pwquality)

Description

Enforces minimum password complexity (length, character classes, dictionary checks) via pam_pwquality, making brute force and dictionary attacks impractical.

CVSS Vector Impacts

Metric | Transition | Rationale
Attack Complexity (AC) | L → H | Password brute force requires significantly more time/resources

CWE Relationships

Verification

Check pwquality configuration

$ grep -E 'minlen|minclass|dcredit' /etc/security/pwquality.conf
# Expected: minlen = 14
Platform: rhel
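
The grep above also prints commented-out lines, so a file containing "# minlen = 14" appears to meet the expectation even when a lower value is in effect. The following is an added example, not part of the original entry: it reads the value actually in effect from a given file and compares it with the expected minimum of 14. The function names (pwq_value, pwq_check_min, pwq_demo) are hypothetical and the sample file is constructed. It assumes that text after '#' is a comment and that a later assignment overrides an earlier one.

```shell
#!/bin/sh
# Added example (not from the original page): check effective pwquality values.

# Print the last active value of key $1 in file $2 (nothing if it is unset).
# Assumption: text after '#' is a comment and a later assignment overrides
# an earlier one.
pwq_value() {
    awk -v k="$1" '
        { sub(/#.*/, "") }                # drop full-line and trailing comments
        index($0, "=") == 0 { next }      # not an assignment
        {
            name = substr($0, 1, index($0, "=") - 1)
            val  = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", name); gsub(/[ \t]/, "", val)
            if (name == k) last = val
        }
        END { if (last != "") print last }
    ' "$2"
}

# Return 0 if key $1 is set to an integer >= $2 in file $3,
# 1 if it is lower, 2 if it is unset or not a non-negative integer.
pwq_check_min() {
    pwq_v=$(pwq_value "$1" "$3")
    case $pwq_v in
        ''|*[!0-9]*)
            echo "FAIL: $1 is not set to a non-negative integer in $3"
            return 2 ;;
    esac
    if [ "$pwq_v" -lt "$2" ]; then
        echo "FAIL: $1 = $pwq_v (below $2)"
        return 1
    fi
    echo "PASS: $1 = $pwq_v"
}

# Constructed sample: the commented line matches the grep but is not in effect.
pwq_demo() {
    pwq_f=$(mktemp)
    printf '%s\n' '# minlen = 14' 'minlen = 8' \
        'minclass = 4  # constructed value' > "$pwq_f"
    pwq_check_min minlen 14 "$pwq_f"      # fails: the active value is 8
    rm -f "$pwq_f"
}
pwq_demo || true
```

On a host, run it as: pwq_check_min minlen 14 /etc/security/pwquality.conf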

References
