Password Without Reuse Prevention
- Query id: 6f5f5444-1422-495f-81ef-24cefd61ed2c
- Query name: Password Without Reuse Prevention
- Platform: Ansible
- Severity: Medium
- Category: Best Practices
- URL: Github
Description¶
Password policy password_reuse_prevention
doesn't exist or is equal to 0
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Postitive test num. 1 - yaml file
---
- name: Password policy for AWS account
community.aws.iam_password_policy:
state: present
min_pw_length: 8
require_symbols: false
require_numbers: true
require_uppercase: true
require_lowercase: true
allow_pw_change: true
pw_max_age: 60
pw_expire: false
- name: Password policy for AWS account2
community.aws.iam_password_policy:
state: present
min_pw_length: 8
require_symbols: false
require_numbers: true
require_uppercase: true
require_lowercase: true
allow_pw_change: true
pw_max_age: 60
password_reuse_prevent: 0
pw_expire: false
- name: Password policy for AWS account3
community.aws.iam_password_policy:
state: present
min_pw_length: 8
require_symbols: false
require_numbers: true
require_uppercase: true
require_lowercase: true
allow_pw_change: true
pw_max_age: 60
pw_expire: false
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
- name: Password policy for AWS account
community.aws.iam_password_policy:
state: present
min_pw_length: 8
require_symbols: false
require_numbers: true
require_uppercase: true
require_lowercase: true
allow_pw_change: true
pw_max_age: 60
pw_reuse_prevent: 5
pw_expire: false
- name: Password policy for AWS account2
community.aws.iam_password_policy:
state: present
min_pw_length: 8
require_symbols: false
require_numbers: true
require_uppercase: true
require_lowercase: true
allow_pw_change: true
pw_max_age: 60
password_reuse_prevent: 5
pw_expire: false
- name: Password policy for AWS account3
community.aws.iam_password_policy:
state: present
min_pw_length: 8
require_symbols: false
require_numbers: true
require_uppercase: true
require_lowercase: true
allow_pw_change: true
pw_max_age: 60
prevent_reuse: 5
pw_expire: false