{"description": "The pam_pwquality module's <tt>dictcheck</tt> check if passwords contains dictionary words. When\n<tt>dictcheck</tt> is set to <tt>1</tt> passwords will be checked for dictionary words.", "rationale": "Use of a complex password helps to increase the time and resources required to compromise the password.\nPassword complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at\nguessing and brute-force attacks.\n<br /><br />\nPassword complexity is one factor of several that determines how long it takes to crack a password. The more\ncomplex the password, the greater the number of possible combinations that need to be tested before the\npassword is compromised.\n<br /><br />\nPasswords with dictionary words may be more vulnerable to password-guessing attacks.", "severity": "medium", "references": {"nist": ["IA-5(c)", "IA-5(1)(a)", "CM-6(a)", "IA-5(4)"], "srg": ["SRG-OS-000480-GPOS-00225", "SRG-OS-000072-GPOS-00040"], "cis": ["5.3.3.2.6"], "stigid": ["UBTU-22-611030"], "stigref": ["SV-260564r991587_rule"]}, "control_references": {"cis": ["5.3.3.2.6"], "stigid": ["UBTU-22-611030"]}, "components": [], "identifiers": {}, "ocil_clause": "\"dictcheck\" does not have a value other than \"0\", or is commented out", "ocil": "Verify Ubuntu 22.04 prevents the use of dictionary words for passwords with the following command:\n\n<pre>$ sudo grep dictcheck /etc/security/pwquality.conf /etc/pwquality.conf.d/*.conf\n\n/etc/security/pwquality.conf:dictcheck=1</pre>", "oval_external_content": null, "fixtext": "Configure Ubuntu 22.04 to prevent the use of dictionary words for passwords.\n\nAdd or update the following line in the \"/etc/security/pwquality.conf\" file or a configuration file in the /etc/pwquality.conf.d/ directory to contain the \"dictcheck\" parameter:\n\ndictcheck=1", "checktext": "", "vuldiscussion": "", "srg_requirement": "Ubuntu 22.04 must prevent the use of dictionary words for passwords.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 Must Prevent The Use Of Dictionary Words For Passwords.", "vuldiscussion": "Use of a complex password helps to increase the time and resources required to compromise the password.\nPassword complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at\nguessing and brute-force attacks.\n\nIf Ubuntu 22.04 allows the user to select passwords based on dictionary words, this increases the chances of password compromise by increasing the opportunity for successful guesses, and brute-force attacks.", "checktext": "Verify Ubuntu 22.04 prevents the use of dictionary words for passwords with the following command:\n\n$ sudo grep dictcheck /etc/security/pwquality.conf /etc/pwquality.conf.d/*.conf\n\n/etc/security/pwquality.conf:dictcheck=1\n\nIf \"dictcheck\" does not have a value other than \"0\", or is commented out, this is a finding.", "fixtext": "Configure Ubuntu 22.04 to prevent the use of dictionary words for passwords.\n\nAdd or update the following line in the \"/etc/security/pwquality.conf\" file or a configuration file in the /etc/pwquality.conf.d/ directory to contain the \"dictcheck\" parameter:\n\ndictcheck=1"}}, "platform": "package[libpwquality]", "platforms": ["package[libpwquality]"], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": ["package_libpwquality"], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml", "template": {"name": "accounts_password", "vars": {"variable": "dictcheck", "operation": "equals"}, "backends": {}}}