V-277121

Discussion

Automatic login must be disabled. When automatic logins are enabled, the default user account is automatically logged on at boot time without prompting the user for a password. Even if the screen is later locked, a malicious user would be able to reboot the computer and find it already logged in. Disabling automatic logins mitigates this risk. Satisfies: SRG-OS-000104-GPOS-00051, SRG-OS-000480-GPOS-00229

Check Content

Verify the macOS system is configured to disable unattended or automatic login to the system with the following command:

/usr/bin/osascript -l JavaScript << EOS
$.NSUserDefaults.alloc.initWithSuiteName('com.apple.loginwindow')\
.objectForKey('com.apple.login.mcx.DisableAutoLoginClient').js
EOS

If the result is not "true", this is a finding.