MariaDB Server: MDEV-32691

enhanced "Password Reuse Check Plugin" to STIG Standard


    Description

      The STIG requirements are:

      1. Minimum of 15 characters, including at least one of each of the following character sets:
      - Upper-case
      - Lower-case
      - Numerics
      - Special characters (e.g., ~ ! @ # $ % ^ & * ( ) _ + = - ' [ ] / ? > <)
      2. Minimum number of characters changed from previous password: 50 percent of the minimum password length; that is, eight.

      3. Review the DBMS settings relating to password lifetime. Determine whether the following rules are enforced. If any are not, this is a finding.
      a. Password lifetime limits for interactive accounts: minimum 24 hours, maximum 60 days
      b. Password lifetime limits for non-interactive accounts: minimum 24 hours, maximum 365 days
      c. Number of password changes before an old one may be reused: minimum of five.

      https://www.stigviewer.com/stig/database_security_requirements_guide/2022-06-13/finding/V-206555

      1. is already covered by the Simple Password Check Plugin.

      2. Add a variable

      password_reuse_min_percentage

      with a default value of 50.

      3.c can theoretically be emulated (more or less) by manipulating the
      mysql.password_reuse_check_history table.

      So add a variable like

      password_reuse_check_min_changed

      where password_reuse_check_min_changed
      is the minimum number of password changes before the same password can be used again.
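As an added illustration (not code from the plugin or from the ticket author), a Python model of the three checks the ticket describes: the STIG complexity rule, a minimum-changed-characters rule in the spirit of the proposed password_reuse_min_percentage, and a reuse window in the spirit of the proposed password_reuse_check_min_changed. It assumes Levenshtein distance as the measure of "characters changed", that the previous plaintext is available at change time (a history of hashes alone cannot support the percentage check), and uses constructed constants and sample passwords.

```python
import hashlib
import math
from typing import List, Optional

MIN_LENGTH = 15               # STIG item 1
MIN_PERCENT_CHANGED = 50      # stands in for the proposed password_reuse_min_percentage (constructed default)
MIN_CHANGES_BEFORE_REUSE = 5  # stands in for the proposed password_reuse_check_min_changed (STIG 3.c)
SPECIALS = set("~!@#$%^&*()_+=-'[]/?><")  # special characters listed in the ticket


def complexity_ok(pw: str) -> bool:
    """STIG item 1: at least 15 characters and one of each character class."""
    return (len(pw) >= MIN_LENGTH
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in SPECIALS for c in pw))


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, assumed here as the measure of 'characters changed'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def enough_changed(old: str, new: str) -> bool:
    """STIG item 2: at least 50% of the minimum length must change (ceil(7.5) = 8)."""
    required = math.ceil(MIN_LENGTH * MIN_PERCENT_CHANGED / 100)
    return edit_distance(old, new) >= required


def hash_pw(pw: str) -> str:
    """History entries are hashes, so the reuse check needs only the new password in the clear."""
    return hashlib.sha256(pw.encode()).hexdigest()


def not_reused(history: List[str], new: str) -> bool:
    """STIG item 3.c: the new password must not match any of the last N stored hashes."""
    return hash_pw(new) not in history[-MIN_CHANGES_BEFORE_REUSE:]


def check_new_password(history: List[str], previous_plain: Optional[str], new: str) -> List[str]:
    """Return the names of the rules the candidate fails; an empty list means accepted."""
    failures = []
    if not complexity_ok(new):
        failures.append("complexity")
    if previous_plain is not None and not enough_changed(previous_plain, new):
        failures.append("min_changed")
    if not not_reused(history, new):
        failures.append("reuse")
    return failures
```

A history of six stored hashes makes the window visible: the oldest entry falls outside the last five and becomes reusable, while the five most recent are still rejected.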

People

Assignee: Unassigned
Reporter: Richard Stracke