IAM password policy does not prevent reuse of the four previously used passwords Affecting IAM service in AWS

Snyk CCSS

IAM / Passwords

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

Snyk ID SNYK-CC-00465
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

IAM password policies can prevent the reuse of the previous four passwords. Preventing password reuse increases account resiliency against brute force login attempts.

How to fix?

Set the aws_iam_account_password_policy password_reuse_prevention field to 4 to ensure the previous 4 passwords cannot be reused.

Example Configuration

resource "aws_iam_account_password_policy" "example" {
  password_reuse_prevention = 4
  # other required fields here
}

References

Password Policy for IAM Users

IAM password policy does not prevent reuse of the four previously used passwords Affecting IAM service in AWS

Severity

Description

How to fix?

Example Configuration

References