Password Without Reuse Prevention
- Query id: 89806cdc-9c2e-4bd1-a0dc-53f339bcfb2a
- Query name: Password Without Reuse Prevention
- Platform: Terraform
- Severity: Low
- Category: Best Practices
- CWE: 521
- URL: Github
Description¶
Check if IAM account password has the reuse password configured with 24
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "aws_iam_account_password_policy" "positive1" {
require_lowercase_characters = true
require_numbers = true
require_uppercase_characters = true
require_symbols = true
allow_users_to_change_password = true
password_reuse_prevention = 20
}
resource "aws_iam_account_password_policy" "positive2" {
minimum_password_length = 3
require_lowercase_characters = true
require_numbers = true
require_uppercase_characters = true
require_symbols = true
allow_users_to_change_password = true
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "aws_iam_account_password_policy" "negative1" {
minimum_password_length = 8
require_lowercase_characters = true
require_numbers = true
require_uppercase_characters = true
require_symbols = true
allow_users_to_change_password = true
password_reuse_prevention = 24
}