owasp-cloud-security icon indicating copy to clipboard operation
owasp-cloud-security copied to clipboard
verified publisher icon owasp-cloud-security

IAM - Attacker having knowledge of unused passwords can compromise the infrastructure

Open msaindane opened this issue 8 years ago • 1 comments

Threat: Spoofing

Mitigations:

  • Disable or delete accounts with passwords unused for a long time.

References: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html

msaindane avatar Oct 23 '17 13:10 msaindane

Related to https://github.com/owasp-cloud-security/owasp-cloud-security/blob/master/aws/iam/aws_iam_threats.yaml#L66 but this is a different threat.

zeroXten avatar Oct 24 '17 00:10 zeroXten