Ensure Alibaba Cloud RAM Account maximal login attempts is less than 5
Error: Alibaba Cloud RAM password policy maximal login attempts is more than 4
Bridgecrew Policy ID: BC_ALI_IAM_4
Checkov Check ID: CKV_ALI_23
Severity: MEDIUM
Description
By default, the maximum number of login attempts for a RAM account is set to 5. This means that an unauthorized user can make up to 5 failed login attempts before the account is locked. If the maximum is set to a lower value, such as 3 or 2, fewer failed login attempts are needed to lock the account. This can help reduce the risk of unauthorized access to the account, because an attacker gets fewer tries at guessing the correct login credentials.
Fix - Buildtime
Terraform
resource "alicloud_ram_account_password_policy" "pass" {
  minimum_password_length      = 9
  require_lowercase_characters = false
  require_uppercase_characters = false
  require_numbers              = false
  require_symbols              = false
  hard_expiry                  = true
  max_password_age             = 12
  password_reuse_prevention    = 5
  # Fewer than 5 failed attempts before lockout, as this policy requires
  max_login_attempts           = 3
}
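The following is an added example, not Checkov's or Bridgecrew's own code: a small Python audit that applies this policy's rule to Terraform source and shows that a policy block which omits max_login_attempts fails, because the default of 5 applies. The sample Terraform, the function name and the treatment of 0 as failing are assumptions made for the illustration.

```python
import re

# Constructed sample Terraform (not from the page): a compliant policy, a
# lenient one, one that omits the attribute, and one that sets it to 0.
SAMPLE_TF = '''
resource "alicloud_ram_account_password_policy" "strict" {
  minimum_password_length = 9
  max_login_attempts      = 3
}
resource "alicloud_ram_account_password_policy" "lenient" {
  max_login_attempts = 5
}
resource "alicloud_ram_account_password_policy" "unset" {
  minimum_password_length = 9
}
resource "alicloud_ram_account_password_policy" "zero" {
  max_login_attempts = 0
}
'''

DEFAULT_ATTEMPTS = 5  # default stated in the Description above
LIMIT = 5             # policy title: the value must be less than 5

# Simplified matching: assumes the block body has no nested braces.
BLOCK_RE = re.compile(
    r'resource\s+"alicloud_ram_account_password_policy"\s+"([^"]+)"\s*\{(.*?)\}',
    re.DOTALL,
)
ATTR_RE = re.compile(r'^\s*max_login_attempts\s*=\s*(\d+)\s*$', re.MULTILINE)


def audit_max_login_attempts(tf_source):
    """Map each policy resource name to (effective_value, passed)."""
    results = {}
    for name, body in BLOCK_RE.findall(tf_source):
        match = ATTR_RE.search(body)
        # A missing attribute falls back to the default, which fails.
        value = int(match.group(1)) if match else DEFAULT_ATTEMPTS
        # Assumption: 0 is treated as "no lockout limit" and therefore fails.
        results[name] = (value, 0 < value < LIMIT)
    return results


if __name__ == "__main__":
    for name, (value, ok) in audit_max_login_attempts(SAMPLE_TF).items():
        print(f"{'PASS' if ok else 'FAIL'} {name}: max_login_attempts={value}")
```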