Aws Min Password Length Unsafe
Description
Detects if the AWS IAM account password policy is configured with an insufficient minimum password length. Short passwords are more vulnerable to brute force attacks and don't meet security best practices for password complexity.
Detection Strategy
• Password policy exists but minimum length is less than required secure length
• Reports vulnerability when MinimumPasswordLength in the IAM password policy is set below the required minimum
• Checks the account-wide IAM password policy configuration through AWS IAM API
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.