For local accounts using password authentication (i.e., the root account and the account of last resort), the Juniper SRX Services Gateway must enforce password complexity by setting the password change type to character sets.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-223218 | JUSX-DM-000129 | SV-223218r1015753_rule | Medium |
| Description |
| Use of a complex passwords helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. The password change-type command specifies whether a minimum number of character-sets or a minimum number of character-set transitions are enforced. The DOD requires this setting be set to character-sets. |
| STIG | Date |
| Juniper SRX Services Gateway NDM Security Technical Implementation Guide | 2024-12-20 |
Details
| Check Text (C-24891r997575_chk) |
| Verify the default local password enforces password complexity by setting the password change type to character sets. [edit] show system login password If the password change-type is not set to character-sets, this is a finding. |
| Fix Text (F-24879r997576_fix) |
| Configure the default local password to enforce password complexity by setting the password change type to character sets. [edit] set system login password change-type character-sets |