Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
[CCE-28307-7] retries_until_hint #8
Parameters: N / A
Reference: OSX 10.6 DISA STIG, NIST SCM rules, CIS Security Configuration benchmark for 10.6.
Rationale: N / A.
SOHO: disable hints
Additional Mechanism: N / A
OVAL Content: N / A
plink53@… originally submitted this as comment:2:ticket:7
I question this setting. It used to be FileVault wouldn't give the message about entering the FV master password if someone failed three times if the hint wasn't turned on. Is this still true? Does FV2 give an admin the ability to reset a user's password if they forget it with the hint disabled?
Is there a vulnerability or attack vector enabled by enabling hints?
I don't believe there's a NIST 800-53 setting for this.