The macOS system must be configured to prevent displaying password hints.

STIG ID: APPL-13-003012  |  SRG: SRG-OS-000480-GPOS-00227 |  Severity: medium |  CCI: CCI-000366 |  Vulnerability Id: V-257231

Vulnerability Discussion

Password hints leak information about passwords in use and can lead to loss of confidentiality.

Check

Verify the macOS system is configured to prevent displaying password hints with the following command:

/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep "RetriesUntilHint"

RetriesUntilHint = 0;

If "RetriesUntilHint" is not set to "0", this is a finding.
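
The check above as a scriptable pass/fail test, added here as an example and not part of the STIG text. The function name check_retries_until_hint and the sample profile output are constructed for illustration; treating a missing key as a finding is an assumption drawn from the "not set to 0" wording.

```shell
#!/bin/sh
# Added example: evaluate APPL-13-003012 from profile output read on stdin.
# On macOS, feed it the command from the check:
#   /usr/sbin/system_profiler SPConfigurationProfileDataType | check_retries_until_hint
# Returns 0 only when every RetriesUntilHint setting found is 0.
check_retries_until_hint() {
    # Reduce each "RetriesUntilHint = N;" line to its value N.
    values=$(sed -n 's/^[[:space:]]*RetriesUntilHint[[:space:]]*=[[:space:]]*\([^;[:space:]]*\)[[:space:]]*;.*$/\1/p')

    # Assumption: no profile sets the key, so it is "not set to 0".
    if [ -z "$values" ]; then
        echo "FINDING: RetriesUntilHint is not set by any installed profile"
        return 1
    fi

    # Several profiles may carry the key; any non-zero value is a finding.
    for v in $values; do
        if [ "$v" != "0" ]; then
            echo "FINDING: RetriesUntilHint = $v"
            return 1
        fi
    done

    echo "PASS: RetriesUntilHint = 0"
    return 0
}

# Constructed sample of profile output (not captured from a real system).
sample='        com.apple.loginwindow = {
            SHOWFULLNAME = 1;
            RetriesUntilHint = 0;
        };'
printf '%s\n' "$sample" | check_retries_until_hint || true
```
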

Fix

Configure the macOS system to prevent displaying password hints by installing the "Login Window Policy" configuration profile.