Ensure Password Complexity Rule Is in Place

Description

Password complexity covers password characteristics such as length, case, and character sets.

Rationale

Complex passwords help mitigate dictionary, brute-force, and other password attacks.

This recommendation prevents users from choosing weak passwords that can be easily guessed.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                      With Value
secureclouddb/provider   aws
secureclouddb/service    rds
secureclouddb/engine     mysql

Default Rule

const { getServerSetting } = module

/**
 * @param {Object} databaseSettings - database settings object
 * @param {Object} parameters - includes default values for assessed variables
 * @returns {{success: boolean}} success is true if password complexity is in place
 */
function validate(databaseSettings, parameters = {
    minPasswordLength: "14",
    minPasswordMixedCaseCount: "1",
    minPasswordNumberCount: "1",
    minPasswordSpecialCharCount: "1",
    passwordPolicy: ["medium", "strong"],
}) {

    // Read the validate_password_* server variables assessed by this rule
    const length = getServerSetting(databaseSettings, "validate_password_length")
    const mixedCaseCount = getServerSetting(databaseSettings, "validate_password_mixed_case_count")
    const numberCount = getServerSetting(databaseSettings, "validate_password_number_count")
    const specialCharCount = getServerSetting(databaseSettings, "validate_password_special_char_count")
    const policy = getServerSetting(databaseSettings, "validate_password_policy")

    // Pass only if every value meets its minimum and the policy is an allowed one
    const success = Number(length) >= Number(parameters.minPasswordLength) &&
                    Number(mixedCaseCount) >= Number(parameters.minPasswordMixedCaseCount) &&
                    Number(numberCount) >= Number(parameters.minPasswordNumberCount) &&
                    Number(specialCharCount) >= Number(parameters.minPasswordSpecialCharCount) &&
                    parameters.passwordPolicy.includes(policy)

    return {
        success,
    }
}

// invoke
// TODO: add support for parameters input type
validate(databaseSettings);
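
The default rule returns a single pass/fail value. The following added example (not SecureCloudDB code) applies the same thresholds but reports which setting failed, and goes beyond the rule by accepting the policy in any letter case or as MySQL's numeric level. It assumes the settings arrive as a flat object of variable name to string value; `findWeakSettings` and `normalizePolicy` are hypothetical names.

```javascript
// Added example. Assumed input shape: { variable_name: "value", ... } (hypothetical).
const DEFAULTS = {
    minPasswordLength: 14,
    minPasswordMixedCaseCount: 1,
    minPasswordNumberCount: 1,
    minPasswordSpecialCharCount: 1,
    passwordPolicy: ["medium", "strong"],
}
// MySQL accepts the policy as a name or as its numeric level (0, 1, 2).
const POLICY_BY_LEVEL = new Map([["0", "low"], ["1", "medium"], ["2", "strong"]])

function normalizePolicy(raw) {
    if (raw === undefined || raw === null) return null
    const value = String(raw).trim().toLowerCase()
    return POLICY_BY_LEVEL.get(value) ?? value
}

// Returns one finding per setting that is missing or below its minimum.
function findWeakSettings(settings, parameters = {}) {
    const p = { ...DEFAULTS, ...parameters } // partial overrides keep the other defaults
    const minimums = {
        validate_password_length: p.minPasswordLength,
        validate_password_mixed_case_count: p.minPasswordMixedCaseCount,
        validate_password_number_count: p.minPasswordNumberCount,
        validate_password_special_char_count: p.minPasswordSpecialCharCount,
    }
    const findings = []
    for (const [name, minimum] of Object.entries(minimums)) {
        const raw = settings[name]
        const actual = raw === undefined || raw === null || raw === "" ? NaN : Number(raw)
        // NaN fails the comparison, so an absent setting is reported, never passed.
        if (!(actual >= Number(minimum))) findings.push({ name, actual: raw ?? null, required: `>= ${minimum}` })
    }
    const policy = normalizePolicy(settings.validate_password_policy)
    if (!p.passwordPolicy.includes(policy)) {
        findings.push({ name: "validate_password_policy", actual: policy, required: p.passwordPolicy.join(" or ") })
    }
    return findings
}

// Constructed sample inputs.
const compliant = { validate_password_length: "14", validate_password_mixed_case_count: "1",
    validate_password_number_count: "1", validate_password_special_char_count: "1", validate_password_policy: "MEDIUM" }
const lowPolicy = { ...compliant, validate_password_policy: "LOW" } // counts set, but LOW checks length only
const pluginAbsent = {} // no validate_password_* variables reported

for (const [label, s] of Object.entries({ compliant, lowPolicy, pluginAbsent })) {
    console.log(label, findWeakSettings(s).map(f => f.name))
}
```

The `lowPolicy` case shows why the rule checks the policy as well as the counts: under MySQL's LOW policy only the length is tested, so the case, number and special-character minimums have no effect.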