Description

It was found that password policy does not have password expiration period. By not rotating passwords, you increase the chances of user hijacking.
  • Recommended Mitigation

    It is recommended to set password expiration period in the password policy.