Details
Strong passwords are supported to prevent passwords from being cracked. When a password is set, password complexity is detected by default. If a password does not meet the policy, a warning is required. A strong password mode should be provided. The password verification mechanism is as follows:
a) The default password length shouldn’t be below 8 characters.
b) The password must include either three of ‘number’, ‘capital’, ‘lowercase’, ‘special-character’ or set the ‘character-set-num’ value to 3-4
c) Configure ‘strong-password dictionary’ and ‘same-consecutive’ to avoid weak password
d) Check either of the following words exist in configuration file:
– Encrypt none
– Authentication null
– Encrypted null
– Encryption null
– Security-protocol noauth
– Encrypted noauth
e) If ‘strong-password max-length’ not displayed in configuration, then pass this check.
If ‘strong-password max-length’ displayed in configuration, but max-length value below 10, or not both configuration ‘username-related-chk inverse’ and ‘strong-password date-check enable’ commands, then fail this check.
f) The validity period of an account can be configured.
Solution
It is recommended to set password to support check of simple passwords and weak passwords
ZXR0# configure terminal
ZXR10 (config)# system-user
ZXR10 (config-system-user)# strong-password dictionary
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system ZTE_ROSNG.