AWS Not Requires Symbols
Description
Identifies AWS IAM password policies that don't require special characters (symbols) in passwords. Not requiring symbols reduces password complexity and makes passwords more susceptible to brute-force attacks.
Detection Strategy
• Examines the AWS account's IAM password policy configuration
• Reports a vulnerability if the RequireSymbols setting is explicitly set to false
• Reports a vulnerability if no password policy exists (implying symbols are not required)
• Identifies the specific password policy ARN and configuration value in the vulnerability report
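The checks listed above can be expressed as a small evaluator over the IAM GetAccountPasswordPolicy response. This is an added example, not Fluid Attacks' own detection code; the function names, the finding fields and the sample policies are assumptions constructed for illustration, and it does not derive a policy ARN.

```python
"""Added example: evaluate an IAM account password policy for RequireSymbols."""


def evaluate_password_policy(policy):
    """Return a list of findings for the RequireSymbols rule.

    `policy` is the "PasswordPolicy" dict returned by IAM
    GetAccountPasswordPolicy, or None when the account has no policy.
    """
    if policy is None:
        # No policy exists: the rule treats symbols as not required.
        return [{"setting": "RequireSymbols", "value": None,
                 "reason": "no account password policy exists"}]
    # Report only an explicit boolean False, as the detection strategy states.
    if policy.get("RequireSymbols") is False:
        return [{"setting": "RequireSymbols", "value": False,
                 "reason": "RequireSymbols is explicitly set to false"}]
    return []


def fetch_password_policy():
    """Read the live policy with boto3 (needs iam:GetAccountPasswordPolicy)."""
    import boto3  # imported here so the evaluator runs without AWS access

    iam = boto3.client("iam")
    try:
        return iam.get_account_password_policy()["PasswordPolicy"]
    except iam.exceptions.NoSuchEntityException:
        return None  # the account has never set a password policy


# Constructed sample responses (not taken from a real account).
SAMPLES = {
    "weak": {"MinimumPasswordLength": 14, "RequireSymbols": False,
             "RequireNumbers": True},
    "strong": {"MinimumPasswordLength": 14, "RequireSymbols": True,
               "RequireNumbers": True},
    "missing": None,
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(name, evaluate_password_policy(sample))
```

To remediate a finding, set RequireSymbols to true with UpdateAccountPasswordPolicy. That call resets any parameter you omit to its default, so pass the complete policy rather than the single setting.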