Aws Not Requires Numbers
Description
Detects when AWS IAM password policies don't require numeric characters in passwords. Not requiring numbers in passwords reduces password complexity and security, making accounts more vulnerable to unauthorized access through password attacks.
Detection Strategy
• Checks the AWS account's IAM password policy configuration
• Reports a vulnerability if the 'RequireNumbers' setting is explicitly set to false
• Reports a vulnerability if the 'RequireNumbers' setting is missing from the password policy
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan.If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.