{"description": "The <tt>pam_pwquality.so</tt> module ensures password quality by evaluating user-created passwords \nagainst a system dictionary and a set of rules designed to detect weak choices. Originally derived \nfrom the pam_cracklib module, this module is backward-compatible with options of pam_cracklib.\n<br /><br />\nThe module's process includes prompting the user for a password, checking its strength, and if it \nmeets the criteria requesting the password again for confirmation. If both entries match, the \npassword is passed to subsequent modules to be set as the new authentication token.", "rationale": "Strong passwords significantly increase the time and effort required for unauthorized access, \nincreasing overall system security.", "severity": "medium", "references": {"cis": ["5.3.2.3"]}, "control_references": {"cis": ["5.3.2.3"]}, "components": [], "identifiers": {}, "ocil_clause": null, "ocil": null, "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "package[pam]", "platforms": ["package[pam]"], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": ["package_pam"], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Verify pam_pwquality module is activated", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_enabled/rule.yml", "template": null}