Ram Account Password Policy Max Login Attempts Unrecommended
- Query id: e76fd7ab-7333-40c6-a2d8-ea28af4a319e
- Query name: Ram Account Password Policy Max Login Attempts Unrecommended
- Platform: Terraform
- Severity: Medium
- Category: Secret Management
- CWE: 307
- URL: Github
Description¶
Ram Account Password Policy should have 'max_login_attempts' to a maximum of 5 incorrect login attempts
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "alicloud_ram_account_password_policy" "corporate" {
minimum_password_length = 9
require_lowercase_characters = false
require_uppercase_characters = false
require_numbers = false
require_symbols = false
hard_expiry = true
max_password_age = 12
password_reuse_prevention = 5
max_login_attempts = 6
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "alicloud_ram_account_password_policy" "corporate" {
minimum_password_length = 9
require_lowercase_characters = false
require_uppercase_characters = false
require_numbers = false
require_symbols = false
hard_expiry = true
max_password_age = 12
password_reuse_prevention = 5
max_login_attempts = 3
}
Negative test num. 2 - tf file
resource "alicloud_ram_account_password_policy" "corporate" {
minimum_password_length = 9
require_lowercase_characters = false
require_uppercase_characters = false
require_numbers = false
require_symbols = false
hard_expiry = true
max_password_age = 12
password_reuse_prevention = 5
}