QualysGuard 6.15 Update introduces Password Auditing for policy compliance users. Password auditing is supported on Windows and Unix systems.
With password auditing the scanning engine is able to gather data about user accounts/passwords on target hosts in order to evaluate service-provided password auditing controls. The service provides password auditing controls for identifying 1) user accounts with empty passwords, 2) user accounts with the password equal to the user name, and 3) user accounts with passwords equal to an entry in a user-defined password dictionary.
This document describes step-by-step instructions for using the Password Auditing feature.
Update: Document updated January 4, 2013 with new screenshots and minor revisions.