Description of problem:

Satellite uses bcrypt for password hashing, introduced in Satellite version 6.7 link[1], and bcrypt is based on the Blowfish cipher and blowfish is not fips compliant, so the STIG scanner is raising an exception that the database appears to use non-FIPS compliant encryption.

Version-Release number of selected component (if applicable):

6.9

Expected results:

Replace bcrypt hash function with (FIPS-approved / NIST recommended) encryption algorithm for internal passwords in the Satellite.

Additional info: