RAM Account Password Policy without Reuse Prevention
- Query id: a8128dd2-89b0-464b-98e9-5d629041dfe0
- Query name: RAM Account Password Policy without Reuse Prevention
- Platform: Terraform
- Severity: Medium
- Category: Secret Management
- URL: Github
Description¶
RAM Account Password Policy 'password_reuse_prevention' should be defined and set to 24 or less
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "alicloud_ram_account_password_policy" "corporate" {
minimum_password_length = 9
require_lowercase_characters = false
require_uppercase_characters = false
require_numbers = false
require_symbols = false
hard_expiry = true
max_password_age = 12
max_login_attempts = 3
}
Positive test num. 2 - tf file
resource "alicloud_ram_account_password_policy" "corporate" {
minimum_password_length = 9
require_lowercase_characters = false
require_uppercase_characters = false
require_numbers = false
require_symbols = false
hard_expiry = true
max_password_age = 12
password_reuse_prevention = 25
max_login_attempts = 3
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "alicloud_ram_account_password_policy" "corporate" {
minimum_password_length = 9
require_lowercase_characters = false
require_uppercase_characters = false
require_numbers = false
require_symbols = false
hard_expiry = true
max_password_age = 12
password_reuse_prevention = 5
max_login_attempts = 3
}