documentation_complete: true

title: |-
    Verify Proper Storage and Existence of Password
    Hashes

description: |-
    By default, password hashes for local accounts are stored
    in the second field (colon-separated) in
    <tt>/etc/shadow</tt>. This file should be readable only by
    processes running with root credentials, preventing users from
    casually accessing others' password hashes and attempting
    to crack them.
    However, it remains possible to misconfigure the system
    and store password hashes
    in world-readable files such as <tt>/etc/passwd</tt>, or
    to even store passwords themselves in plaintext on the system.
    Using system-provided tools for password change/creation
    should allow administrators to avoid such misconfiguration.