Weak credential policy - Password strength
Description
The credential policy present in the system does not have the recommended parameters.
Impact
Allows users to assign weak passwords to their accounts, which an attacker can later discover easily through brute-force or dictionary attacks.
Recommendation
Establish a credential creation policy that requires passphrases rather than word-based passwords.
Threat
Attacker with an account creation invitation from the Internet.
Expected Remediation Time
⏱️ 30 minutes.
Requirements
130 - Limit password lifespan
132 - Passphrases with at least 4 words
133 - Passwords with at least 20 characters
139 - Set minimum OTP length
332 - Prevent the use of breached passwords
Rules
Aws Password Expiration Unsafe
Aws Password Reuse Unsafe
Aws Not Requires Numbers
Aws Not Requires Lowercase
Aws Not Requires Symbols
Aws Min Password Length Unsafe
Aws Not Requires Uppercase
Api Weak Password Policy
Json Yaml Weak Secret Configuration
Typescript Bcrypt Unsafe Empty Password
Javascript Jwt Unsafe Empty Password
Javascript Sequelize Unsafe Empty Password
Java Empty Password Connection
Typescript Crypto Unsafe Empty Password
Terraform Weak Secret Configuration
Go Mysql Empty Password In Dsn
Typescript Sequelize Unsafe Empty Password
Typescript Jwt Unsafe Empty Password
Javascript Bcrypt Unsafe Empty Password
Javascript Crypto Unsafe Empty Password
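Example
One way to enforce requirements 132, 133 and 332 listed above when an account is created. This is an added example, not code from the original page; the function name, the word-separator rule, the distinct-word rule and the three-entry breached list are assumptions made for illustration.

```python
import hashlib
import re
import unicodedata

MIN_WORDS = 4   # requirement 132
MIN_CHARS = 20  # requirement 133

# Constructed stand-in for a breached-password corpus (requirement 332),
# held as SHA-1 hex digests. Assumption: production loads a real corpus.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest()
    for p in ("password", "123456", "correct horse battery staple")
}


def policy_violations(passphrase: str) -> list[str]:
    """Return the policy rules the candidate breaks (empty list = accepted)."""
    # Normalize so visually identical Unicode input is judged consistently.
    candidate = unicodedata.normalize("NFKC", passphrase).strip()
    violations = []
    if len(candidate) < MIN_CHARS:
        violations.append("shorter than 20 characters")
    # Assumption: words are separated by whitespace, '-', '_' or '.', and only
    # distinct words count, so "aaaa aaaa aaaa aaaa aaaa" is rejected.
    distinct = {w.casefold() for w in re.split(r"[\s\-_.]+", candidate) if w}
    if len(distinct) < MIN_WORDS:
        violations.append("fewer than 4 distinct words")
    if hashlib.sha1(candidate.encode("utf-8")).hexdigest() in BREACHED_SHA1:
        violations.append("found in breached-password list")
    return violations


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in (
        "password",
        "correct horse battery staple",
        "aaaa aaaa aaaa aaaa aaaa",
        "maple tractor violet harbor onions",
    ):
        print(f"{sample!r}: {policy_violations(sample) or 'accepted'}")
```

The second sample satisfies both the length and the word-count rules and is rejected only by the breached-password check, which is why requirement 332 is needed alongside 132 and 133.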