[Bug]: iam_user_console_access_unused.py checks for last password usage
Steps to Reproduce
Results of running Prowler as Fargate task on AWS
Expected behavior
For the check named iam_user_console_access_unused, I would expect it to check whether the user's Console access is disabled, since the current report raises false alarms for users with already disabled Console access.
Actual Result with Screenshots or Logs
No screenshots or logs
How did you install Prowler?
Docker (docker pull toniblyx/prowler)
Environment Resource
Fargate task
OS used
Amazon Linux
Prowler version
latest
Pip version
Unknown
Context
No response
Hi @IvanKusturic,
Those checks rely on the credential report created by the IAM service. That report is refreshed every 4 hours; that could be the reason behind those false positives.
Could you test it again and let us know the result?
Thanks
Hi @n4ch04,
Thank you for the quick response. I understand how this check works, so let me further explain my situation.
On the AWS account I have users that used passwords a long time ago for console access, and Prowler reports them. We don't use passwords anymore for accessing AWS, and Console Access is disabled for all of the users. From my point of view, it may make sense to check whether Console Access is enabled for a user before checking when the user last used a password for access (on this line, probably).
What's the point of checking password usage if Console Access is disabled?
Thanks
Hey @n4ch04, any update on this?
Thanks
Hi @IvanKusturic, we are going to work on this in the following days.
Thanks for using Prowler 🚀
Hi @IvanKusturic, I am working on this issue now. I am trying to replicate your problem and I have made some changes to the current check in this PR. I would appreciate it if you could try it and send me some feedback.
Thanks for reporting this and helping us improve Prowler. 🚀
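The ordering requested in this thread (test whether console access is enabled before looking at the last password use), sketched as an added example that is not Prowler's code or the code in the PR. It assumes the `password_enabled` and `password_last_used` columns of the IAM credential report; the sample rows, the `evaluate` function and the 90-day threshold are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_UNUSED_DAYS = 90  # assumed threshold for this example

# Constructed sample in the credential report CSV layout (subset of columns).
SAMPLE_REPORT = """user,arn,password_enabled,password_last_used
alice,arn:aws:iam::111122223333:user/alice,false,2019-03-01T10:00:00+00:00
bob,arn:aws:iam::111122223333:user/bob,true,2019-03-01T10:00:00+00:00
carol,arn:aws:iam::111122223333:user/carol,true,2024-05-20T08:30:00+00:00
dave,arn:aws:iam::111122223333:user/dave,true,no_information
erin,arn:aws:iam::111122223333:user/erin,false,N/A
"""


def evaluate(report_csv, now, max_days=MAX_UNUSED_DAYS):
    """Return {user: (status, reason)}, testing password_enabled first."""
    findings = {}
    cutoff = now - timedelta(days=max_days)
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        # Console access disabled: an old password_last_used is not a finding.
        # (The root row reports "not_supported" and is out of scope here.)
        if row["password_enabled"].strip().lower() != "true":
            findings[user] = ("PASS", "console access disabled")
            continue
        last_used = row["password_last_used"].strip()
        try:
            used_at = datetime.fromisoformat(last_used.replace("Z", "+00:00"))
        except ValueError:
            # no_information / N/A with a password enabled: treated as unused
            # (a policy choice made for this example).
            findings[user] = ("FAIL", "console access enabled, never used")
            continue
        if used_at < cutoff:
            findings[user] = ("FAIL", f"console password unused since {used_at.date()}")
        else:
            findings[user] = ("PASS", "console password used recently")
    return findings


if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed date for a stable result
    for user, (status, reason) in evaluate(SAMPLE_REPORT, now).items():
        print(f"{status:4} {user:6} {reason}")
```

With this ordering, `alice` (console access disabled, password last used years ago) is no longer reported, while `bob` (console access enabled, same last-use date) still is.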