IAM Password policy should have requirement for at least one lowercase character.
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | iam |
| Provider | AWS |
| Vulnerability Type | omission |
Description
The IAM password policy does not enforce the use of at least one lowercase character in user passwords, allowing weak and easily guessable passwords to be set. This reduces the overall strength of account credentials.
Impact
Without a requirement for lowercase characters, passwords are simpler and more vulnerable to brute-force or dictionary attacks, increasing the risk of unauthorized access to AWS resources and potential compromise of sensitive data.
Resolution
Enforce longer, more complex passwords in the policy.
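The following is an added example, not code from the scanner or from AWS. It checks a password policy for the lowercase requirement and builds a complete parameter set for remediation. The function names are hypothetical, and the sample input is constructed to match the shape of `aws iam get-account-password-policy` output. It assumes an account with no custom policy is treated as failing the check.

```python
import json

# Parameters accepted by IAM UpdateAccountPasswordPolicy. GetAccountPasswordPolicy
# also returns the read-only field ExpirePasswords, which must not be sent back.
UPDATABLE = (
    "MinimumPasswordLength", "RequireSymbols", "RequireNumbers",
    "RequireUppercaseCharacters", "RequireLowercaseCharacters",
    "AllowUsersToChangePassword", "MaxPasswordAge",
    "PasswordReusePrevention", "HardExpiry",
)

def requires_lowercase(response):
    """True only if a custom policy exists and RequireLowercaseCharacters is true.
    `response` is the parsed GetAccountPasswordPolicy output, or None when the
    account has no custom policy (the API raises NoSuchEntity in that case).
    Assumption of this example: no custom policy counts as a failure."""
    if not response:
        return False
    policy = response.get("PasswordPolicy", {})
    return policy.get("RequireLowercaseCharacters") is True

def remediation_params(response):
    """Build the full parameter set for UpdateAccountPasswordPolicy.
    The update call is not partial: omitted parameters revert to their defaults,
    so every existing setting is carried over before lowercase is switched on."""
    current = (response or {}).get("PasswordPolicy", {})
    params = {k: current[k] for k in UPDATABLE if k in current}
    params["RequireLowercaseCharacters"] = True
    return params

# Constructed sample input (not taken from a real account).
SAMPLE = json.loads("""
{"PasswordPolicy": {"MinimumPasswordLength": 14, "RequireSymbols": true,
  "RequireNumbers": true, "RequireUppercaseCharacters": true,
  "RequireLowercaseCharacters": false, "AllowUsersToChangePassword": true,
  "ExpirePasswords": true, "MaxPasswordAge": 90,
  "PasswordReusePrevention": 24, "HardExpiry": false}}
""")

if __name__ == "__main__":
    print("compliant:", requires_lowercase(SAMPLE))
    # With boto3, apply as: iam.update_account_password_policy(**params)
    print(json.dumps(remediation_params(SAMPLE), indent=2))
```

Carrying the existing values forward matters because a call that sets only the lowercase flag would reset the minimum length, reuse prevention and expiry settings.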