RAM Account Password Policy without Reuse Prevention

• Query id: a8128dd2-89b0-464b-98e9-5d629041dfe0
• Query name: RAM Account Password Policy without Reuse Prevention
• Platform: Terraform
• Severity: Medium
• Category: Secret Management
• URL: Github

Description

RAM Account Password Policy 'password_reuse_prevention' should be defined and set to 24 or less
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - tf file

resource "alicloud_ram_account_password_policy" "corporate" {
  minimum_password_length      = 9
  require_lowercase_characters = false
  require_uppercase_characters = false
  require_numbers              = false
  require_symbols              = false
  hard_expiry                  = true
  max_password_age             = 12
  max_login_attempts           = 3
}

Postitive test num. 2 - tf file

resource "alicloud_ram_account_password_policy" "corporate" {
  minimum_password_length      = 9
  require_lowercase_characters = false
  require_uppercase_characters = false
  require_numbers              = false
  require_symbols              = false
  hard_expiry                  = true
  max_password_age             = 12
  password_reuse_prevention    = 25
  max_login_attempts           = 3
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file

resource "alicloud_ram_account_password_policy" "corporate" {
  minimum_password_length      = 9
  require_lowercase_characters = false
  require_uppercase_characters = false
  require_numbers              = false
  require_symbols              = false
  hard_expiry                  = true
  max_password_age             = 12
  password_reuse_prevention    = 5
  max_login_attempts           = 3
}