Ubuntu 22.04 LTS must not have accounts configured with blank or null passwords.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-260571 | UBTU-22-611065 | SV-260571r991589_rule | High |
| Description |
| If an account has an empty password, anyone could log on and run commands with the privileges of that account. Accounts with empty passwords must never be used in operational environments. |
| STIG | Date |
| Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide | 2025-05-16 |
Details
| Check Text (C-64300r953524_chk) |
| Verify all accounts on the system to have a password by using the following command: $ sudo awk -F: '!$2 {print $1}' /etc/shadow If the command returns any results, this is a finding. |
| Fix Text (F-64208r953525_fix) |
| Configure all accounts on the system to have a password or lock the account by using the following commands: Set the account password: $ sudo passwd <username> Or lock the account: $ sudo passwd -l <username> |