Details
Type: Task
Status: Closed
Priority: Major
Resolution: Won't Do
Description
STIG standards are:
1. Minimum of 15 characters, including at least one of each of the following character sets:
   - Upper-case
   - Lower-case
   - Numerics
   - Special characters (e.g., ~ ! @ # $ % ^ & * ( ) _ + = - ' [ ] / ? > <)
2. Minimum number of characters changed from previous password: 50 percent of the minimum password length; that is, eight
3. Review the DBMS settings relating to password lifetime. Determine whether the following rules are enforced. If any are not, this is a finding.
   a. Password lifetime limits for interactive accounts: Minimum 24 hours, maximum 60 days
   b. Password lifetime limits for non-interactive accounts: Minimum 24 hours, maximum 365 days
   c. Number of password changes before an old one may be reused: Minimum of five.
https://www.stigviewer.com/stig/database_security_requirements_guide/2022-06-13/finding/V-206555
1. will already be covered by the Simple Password Check plugin.
2. Add a variable
password_reuse_min_percentage
with a default value of 50.
3.c can theoretically be emulated (more or less) by manipulating the
mysql.password_reuse_check_history table.
So add a variable like
password_reuse_check_min_changed
which is the minimum number of password changes until the same password can be used again.
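The following is an added example, not code from the ticket or from the MariaDB plugins, that models the three checks discussed above as plain Python so the proposed semantics can be reasoned about: the complexity rule (STIG 1), the "percentage of characters changed" rule behind the proposed `password_reuse_min_percentage` (STIG 2), and the "changes before reuse" rule behind the proposed `password_reuse_check_min_changed` (STIG 3.c). The STIG text does not define how "characters changed" is measured; this example assumes Levenshtein edit distance, and it uses SHA-256 only as a stand-in fingerprint for the history table (a real server would compare using its own authentication hash).

```python
"""Added example: STIG-style password checks modelled after the ticket's proposal.

Assumptions (not from the ticket): "characters changed" is measured as
Levenshtein edit distance, and history entries are SHA-256 fingerprints.
"""
import hashlib

MIN_LENGTH = 15                 # STIG 1
MIN_CHANGED_PERCENT = 50        # proposed password_reuse_min_percentage default
MIN_CHANGES_BEFORE_REUSE = 5    # proposed password_reuse_check_min_changed, STIG 3.c
SPECIALS = set("~!@#$%^&*()_+=-'[]/?><")  # the STIG's example set


def complexity_findings(pw):
    """Return a list of STIG 1 rule violations (empty list means compliant)."""
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append("too short")
    if not any(c.isupper() for c in pw):
        findings.append("no upper-case")
    if not any(c.islower() for c in pw):
        findings.append("no lower-case")
    if not any(c.isdigit() for c in pw):
        findings.append("no numeric")
    if not any(c in SPECIALS for c in pw):
        findings.append("no special character")
    return findings


def levenshtein(a, b):
    """Classic dynamic-programming edit distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost))
        prev = cur
    return prev[-1]


def required_changes(min_length=MIN_LENGTH, percent=MIN_CHANGED_PERCENT):
    """STIG 2: percent of the minimum length, rounded up (15 * 50% -> 8)."""
    return (min_length * percent + 99) // 100


def enough_changed(old, new, min_length=MIN_LENGTH, percent=MIN_CHANGED_PERCENT):
    """True when the new password differs from the old one by enough edits."""
    return levenshtein(old, new) >= required_changes(min_length, percent)


def _fingerprint(pw):
    # Stand-in for the hash a server would keep in its history table.
    return hashlib.sha256(pw.encode("utf-8")).hexdigest()


class PasswordHistory:
    """STIG 3.c: a password may be reused only after min_changes newer ones."""

    def __init__(self, min_changes=MIN_CHANGES_BEFORE_REUSE):
        self.min_changes = min_changes
        self._hashes = []  # most recent first

    def record(self, pw):
        self._hashes.insert(0, _fingerprint(pw))

    def is_reuse(self, pw):
        return _fingerprint(pw) in self._hashes[: self.min_changes]


def evaluate_change(old, new, history):
    """Combine all three checks; returns the list of findings for a change."""
    findings = complexity_findings(new)
    if not enough_changed(old, new):
        findings.append("fewer than %d characters changed" % required_changes())
    if history.is_reuse(new):
        findings.append("password reused too soon")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    hist = PasswordHistory()
    old = "Tr0ub4dor&3Long!"
    hist.record(old)
    print(evaluate_change(old, "Tr0ub4dor&3Long?", hist))  # only one char changed
    print(evaluate_change(old, "C0rrect-Horse-Bat9", hist))  # compliant change
```

The rounding in `required_changes` is what turns the STIG's "50 percent of 15" into the eight it states; a floor would give seven and silently weaken the rule.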