TF 0179 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
IAM Password policy should prevent password reuse.
Property | Value |
---|---|
Language | |
Severity | |
Service | iam |
Provider | AWS |
Vulnerability Type | omission |
Description
The IAM account password policy does not prevent users from reusing recent passwords, allowing them to set the same password as one of their last few. This weakens password security by making it easier for compromised credentials to be reused.
Impact
If exploited, attackers or unauthorized users could repeatedly use previously compromised passwords, increasing the risk of unauthorized access and making it harder to contain account breaches. This undermines password rotation policies and can lead to persistent account compromise.
Resolution
Configure the IAM account password policy to prevent password reuse.
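
The weak and corrected settings side by side, as an added example that is not part of the original wiki page. It assumes the policy is managed with the Terraform AWS provider's `aws_iam_account_password_policy` resource; the resource labels and all numeric values are choices made for this illustration, since the page does not state a threshold.

```hcl
# Added example; resource labels and numeric values are assumptions.
# An AWS account has a single password policy, so these two resources are
# alternatives: keep only one of them in a real configuration.

# Noncompliant: password_reuse_prevention is omitted, so IAM keeps no
# password history and a user can set a previous password again. Forced
# rotation via max_password_age does not help if the old password returns.
resource "aws_iam_account_password_policy" "reuse_allowed" {
  minimum_password_length = 14
  max_password_age        = 90
}

# Compliant: IAM remembers each user's previous passwords and rejects a
# new password that matches any of them. AWS accepts values from 1 to 24;
# 24 is an assumed choice here, not a number taken from the page.
resource "aws_iam_account_password_policy" "reuse_prevented" {
  minimum_password_length   = 14
  max_password_age          = 90
  password_reuse_prevention = 24
}
```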