Aws Password Expiration Unsafe
Description
Detects when AWS IAM account password policy is configured with an unsafe maximum password age that exceeds recommended duration. Having passwords that can be used for too long without requiring rotation increases the risk of credential compromise and unauthorized account access.
Detection Strategy
• Retrieves the IAM account password policy for the AWS account
• Checks if MaxPasswordAge in the password policy is set and exceeds 90 days
• Reports a vulnerability if password expiration period is too long or not enforced
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan.If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.