Ram Account Password Policy Max Login Attempts Unrecommended

  • Query id: e76fd7ab-7333-40c6-a2d8-ea28af4a319e
  • Query name: Ram Account Password Policy Max Login Attempts Unrecommended
  • Platform: Terraform
  • Severity: High
  • Category: Secret Management
  • URL: Github

Description

Ram Account Password Policy should have 'max_login_attempts' to a maximum of 5 incorrect login attempts
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - tf file
resource "alicloud_ram_account_password_policy" "corporate" {
  minimum_password_length      = 9
  require_lowercase_characters = false
  require_uppercase_characters = false
  require_numbers              = false
  require_symbols              = false
  hard_expiry                  = true
  max_password_age             = 12
  password_reuse_prevention    = 5
  max_login_attempts           = 6
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "alicloud_ram_account_password_policy" "corporate" {
  minimum_password_length      = 9
  require_lowercase_characters = false
  require_uppercase_characters = false
  require_numbers              = false
  require_symbols              = false
  hard_expiry                  = true
  max_password_age             = 12
  password_reuse_prevention    = 5
  max_login_attempts           = 3
}
Negative test num. 2 - tf file
resource "alicloud_ram_account_password_policy" "corporate" {
  minimum_password_length      = 9
  require_lowercase_characters = false
  require_uppercase_characters = false
  require_numbers              = false
  require_symbols              = false
  hard_expiry                  = true
  max_password_age             = 12
  password_reuse_prevention    = 5
}