Authentication

Password policy does not prevent password reuse

Description

Password Policy is the set of rules that defines the password a RAM user can choose. A password that has been used in the past may have been compromised in the past, and enlarges the chances to steal the credentials of a RAM user using credential public databases. The cloud account {CloudAccount} was found to have too weak policy.
  • Recommended Mitigation

    Review the password policy and require a password that was not used at the last 5 password changes.