STIG ID: APPL-14-003014 | SRG: SRG-OS-000079-GPOS-00047 | Severity: medium | CCI: | Vulnerability Id: V-259544
User accounts must not contain password hints. Password hints leak information about passwords that are currently in use and can lead to loss of confidentiality.
Configure the macOS system to remove password hints from user accounts with the following command:
for u in $(/usr/bin/dscl . -list /Users UniqueID | /usr/bin/awk '$2 > 500 {print $1}'); do
/usr/bin/dscl . -delete /Users/$u hint
done
Verify the macOS system is configured to remove password hints from user accounts with the following command:
/usr/bin/dscl . -list /Users hint | /usr/bin/awk '{print $2}' | /usr/bin/wc -l | /usr/bin/xargs
If the result is not "0", this is a finding.