Ram Account Password Policy Not Required Minimum Length
- Query id: a9dfec39-a740-4105-bbd6-721ba163c053
- Query name: Ram Account Password Policy Not Required Minimum Length
- Platform: Terraform
- Severity: High
- Category: Secret Management
- URL: Github
Description¶
Ram Account Password Policy should have 'minimum_password_length' defined and set to 14 or above
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "alicloud_ram_account_password_policy" "corporate" {
minimum_password_length = 9
require_lowercase_characters = false
require_uppercase_characters = false
require_numbers = false
require_symbols = false
hard_expiry = true
max_password_age = 12
password_reuse_prevention = 5
max_login_attempts = 3
}
Positive test num. 2 - tf file
resource "alicloud_ram_account_password_policy" "corporate" {
require_lowercase_characters = false
require_uppercase_characters = false
require_numbers = false
require_symbols = false
hard_expiry = true
max_password_age = 12
password_reuse_prevention = 5
max_login_attempts = 3
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "alicloud_ram_account_password_policy" "corporate" {
minimum_password_length = 14
require_lowercase_characters = false
require_uppercase_characters = false
require_numbers = false
require_symbols = false
hard_expiry = true
max_password_age = 14
password_reuse_prevention = 5
max_login_attempts = 3
}