{"description": "Temporary passwords for Ubuntu 22.04 operating system logons must\nrequire an immediate change to a permanent password.\n\nVerify that a policy exists that ensures when a user is created, it is\ncreating using a method that forces a user to change their password upon\ntheir next login.", "rationale": "Without providing this capability, an account may be created without a\npassword. Nonrepudiation cannot be guaranteed once an account is created if\na user is not forced to change the temporary password upon initial logon.\n\nTemporary passwords are typically used to allow access when new accounts\nare created or passwords are changed. It is common practice for\nadministrators to create temporary passwords for user accounts that allow\nthe users to log on, yet force them to change the password once they have\nsuccessfully authenticated.", "severity": "medium", "references": {"srg": ["SRG-OS-000380-GPOS-00165"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "any temporary or emergency accounts have no expiration date set or do not expire within a documented time frame", "ocil": "Verify that a policy exists that ensures when a user is created, it is\ncreating using a method that forces a user to change their password upon\ntheir next login.\n\nConfigure the Ubuntu 22.04 operating system to allow the use of a\ntemporary password for system logons with an immediate change to a\npermanent password.\n\nUsing one of the acceptable methods listed below, force a user to change\ntheir password on their next logon by replacing \"[UserName]\" in the one of the\nfollowing commands:\n\n<pre># chage -d 0 [UserName]\n# passwd -e [UserName]</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Policy Requires Immediate Change of Temporary Passwords", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/policy_temp_passwords_immediate_change/rule.yml", "template": null}