Ram Account Password Policy Max Password Age Unrecommended
- Query id: 2bb13841-7575-439e-8e0a-cccd9ede2fa8
- Query name: Ram Account Password Policy Max Password Age Unrecommended
- Platform: Terraform
- Severity: Medium
- Category: Secret Management
- CWE: 521
- URL: Github
Description¶
Ram Account Password Policy Password 'max_password_age' should be higher than 0 and lower than 91
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "alicloud_ram_account_password_policy" "corporate" {
minimum_password_length = 9
require_lowercase_characters = false
require_uppercase_characters = false
require_numbers = false
require_symbols = false
hard_expiry = true
password_reuse_prevention = 5
max_login_attempts = 3
}
Positive test num. 2 - tf file
resource "alicloud_ram_account_password_policy" "corporate" {
minimum_password_length = 9
require_lowercase_characters = false
require_uppercase_characters = false
require_numbers = false
require_symbols = false
hard_expiry = true
max_password_age = 92
password_reuse_prevention = 5
max_login_attempts = 3
}
Positive test num. 3 - tf file
resource "alicloud_ram_account_password_policy" "corporate" {
minimum_password_length = 9
require_lowercase_characters = false
require_uppercase_characters = false
require_numbers = false
require_symbols = false
hard_expiry = true
max_password_age = 0
password_reuse_prevention = 5
max_login_attempts = 3
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "alicloud_ram_account_password_policy" "corporate" {
minimum_password_length = 9
require_lowercase_characters = false
require_uppercase_characters = false
require_numbers = false
require_symbols = false
hard_expiry = true
max_password_age = 12
password_reuse_prevention = 5
max_login_attempts = 3
}