TF 0440 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
IAM Password policy should have requirement for at least one uppercase character.
Property | Value |
---|---|
Language | |
Severity | |
Service | iam |
Provider | AWS |
Vulnerability Type | omission |
Description
The IAM account password policy does not enforce the requirement for at least one uppercase character in user passwords, allowing the use of weak, easily guessed passwords. This configuration reduces the overall complexity of passwords managed by AWS IAM.
Impact
Without requiring uppercase characters, passwords are more susceptible to brute-force or dictionary attacks, increasing the risk of unauthorized access to AWS resources and potential compromise of sensitive data or infrastructure.
Resolution
Enforce longer, more complex passwords in the policy, including a requirement for at least one uppercase character.
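
The following Terraform example is added here and is not taken from the original page or the Symbiotic database. It shows an `aws_iam_account_password_policy` with the omission this rule flags (in comments), followed by a compliant form. The resource name `strict` and every value other than `require_uppercase_characters = true` are assumptions chosen for illustration.

```hcl
# Added example. Non-compliant form (commented out, because an AWS account
# has a single password policy): require_uppercase_characters is omitted,
# which is the omission this rule reports.
#
# resource "aws_iam_account_password_policy" "strict" {
#   minimum_password_length = 8
# }

# Compliant form. Only require_uppercase_characters is what this rule checks;
# the remaining values are illustrative assumptions, not requirements
# stated on the page.
resource "aws_iam_account_password_policy" "strict" {
  require_uppercase_characters   = true
  require_lowercase_characters   = true
  require_numbers                = true
  require_symbols                = true
  minimum_password_length        = 14
  password_reuse_prevention      = 5
  allow_users_to_change_password = true
}
```

After `terraform apply`, `aws iam get-account-password-policy` should report `RequireUppercaseCharacters` as `true`.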