Linux Password Maximum Usage Period Not Configured

漏洞信息

漏洞名称: Linux Password Maximum Usage Period Not Configured

漏洞类型: 配置问题

漏洞等级: 中危

漏洞描述: 该漏洞涉及Linux系统中密码最大使用期限未正确配置的问题。Linux是一种广泛使用的开源操作系统,广泛应用于服务器、桌面和嵌入式系统中。此漏洞的具体表现为系统未强制执行密码过期策略,导致被破解的密码可能无限期有效,从而带来安全风险。漏洞的技术根源在于/etc/login.defs文件中的PASS_MAX_DAYS参数未正确设置(建议值≤90),或者个别用户的shadow条目超出了可接受的范围。这种配置问题可能导致安全风险,包括但不限于密码被长期滥用、系统被未授权访问等。虽然此漏洞需要本地访问权限才能利用,但其潜在影响包括信息泄露和权限提升,特别是在多用户环境中。

产品名称: Linux

来源: https://github.com/projectdiscovery/nuclei-templates/blob/dfc176303ffebe3d9f231045fa3abe2cf2ca9874/misconfiguration%2Flinux%2Fpassword-max-days-not-configured.yaml

类型: projectdiscovery/nuclei-templates:github issues

POC详情

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

id: password-max-days-not-configured

info:
  name: Linux Password Maximum Usage Period Not Configured
  author: songyaeji
  severity: medium
  description: >
    If password expiration is not enforced, compromised passwords may remain valid indefinitely,
    posing a security risk. This template checks whether PASS_MAX_DAYS is configured properly (≤ 90)
    and whether individual user shadow entries exceed acceptable limits.
  reference:
    - https://isms.kisa.or.kr/main/csap/notice/
    - Cloud Vulnerability Assessment Guide(2024) by KISA
  tags: linux,local,misconfiguration,password,compliance
  metadata:
    verified: true
    os: linux
    max-request: 2
  classification:
    cwe-id: CWE-284
    cvss-metrics: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
    cvss-score: 4.6

self-contained: true

code:
  - engine:
      - bash
    source: |
      grep "^PASS_MAX_DAYS" /etc/login.defs 2>/dev/null || echo "no-passmaxdays"
    matchers:
      - type: regex
        part: code_1_response
        regex:
          - 'PASS_MAX_DAYS\s*([9][1-9]|[1-9][0-9]{2,})'
          - 'PASS_MAX_DAYS\s*0'
          - 'no-passmaxdays'

  - engine:
      - bash
    source: |
      awk -F: '$5 >= 91 { print $1 ":" $5 }' /etc/shadow 2>/dev/null || echo "no-shadow-entry"
    matchers:
      - type: regex
        part: code_2_response
        regex:
          - '.*:[9][1-9]|[1-9][0-9]{2,}'

Github Poc
#projectdiscovery/nuclei-templates:github issues #配置问题
Linux Password Maximum Usage Period Not Configured
http://example.com/2025/07/31/github_816369232/
作者
lianccc
发布于
2025年7月31日
许可协议