[Bug]: iam_user_console_access_unused.py checks for last password usage #3176

Open
IvanKusturic opened this issue Dec 11, 2023 · 3 comments
Labels
bug provider/aws Issues/PRs related with the AWS provider status/waiting-for-revision Waiting for maintainer's revision

Comments

@IvanKusturic

Steps to Reproduce

Results of running Prowler as Fargate task on AWS

Expected behavior

For the check named iam_user_console_access_unused, I would expect it to check whether the user's Console access is disabled, since the current report raises a false alarm for users whose Console access is already disabled.

Actual Result with Screenshots or Logs

No screenshots or logs

How did you install Prowler?

Docker (docker pull toniblyx/prowler)

Environment Resource

Fargate task

OS used

Amazon Linux

Prowler version

latest

Pip version

Unknown

Context

No response

@IvanKusturic IvanKusturic added bug status/needs-triage Issue pending triage labels Dec 11, 2023
@n4ch04 n4ch04 self-assigned this Dec 11, 2023
@n4ch04
Contributor

n4ch04 commented Dec 11, 2023

Hi @IvanKusturic,

Those checks rely on the credential report created by the IAM service. That report is refreshed every 4 hours, which could be the reason behind those false positives.

Could you test it again and let us know the result?

Thanks

@IvanKusturic
Author

Hi @n4ch04,

Thank you for the quick response. I understand how this check works, so let me further explain my situation.

On the AWS account I have users that used passwords a long time ago for console access, and Prowler reports them. We don't use passwords anymore for accessing AWS, and Console Access is disabled for all of the users. From my point of view, it maybe makes sense to check whether Console Access is enabled for a user before checking when the user last used a password for access (on this line, probably).

What's the point of checking password usage if Console Access is disabled?

Thanks
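
The ordering proposed in the comment above, sketched as an added example (this is not Prowler's code and not part of the original thread): gate on the credential report's `password_enabled` column before looking at `password_last_used`, for IAM user rows. The function name, the 90-day threshold, the choice to fail users whose console access is enabled but never used, and the sample rows are all assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the IAM credential report CSV layout (only the
# columns this sketch needs; a real report has many more).
SAMPLE_REPORT = """\
user,password_enabled,password_last_used
alice,true,2023-01-05T09:12:00+00:00
bob,false,2022-03-01T10:00:00+00:00
carol,true,2023-12-01T08:30:00+00:00
dave,true,no_information
erin,false,N/A
"""

MAX_UNUSED_DAYS = 90  # assumed threshold, not taken from the issue


def console_access_unused(report_csv, now, max_days=MAX_UNUSED_DAYS):
    """Return {user: (status, reason)} for every row in the report."""
    results = {}
    cutoff = now - timedelta(days=max_days)
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        # Gate on console access first: with no console password enabled,
        # the last-use date says nothing about current exposure.
        if row["password_enabled"].strip().lower() != "true":
            results[user] = ("PASS", "console access disabled")
            continue
        last_used = row["password_last_used"].strip()
        try:
            used_at = datetime.fromisoformat(last_used)
        except ValueError:
            # Non-timestamp value such as "no_information": enabled but no
            # recorded sign-in. Failing it is this sketch's assumption.
            results[user] = ("FAIL", "console access enabled, never used")
            continue
        if used_at < cutoff:
            days = (now - used_at).days
            results[user] = ("FAIL", f"password unused for {days} days")
        else:
            results[user] = ("PASS", "password used recently")
    return results


if __name__ == "__main__":
    now = datetime(2023, 12, 11, tzinfo=timezone.utc)
    for user, (status, reason) in console_access_unused(SAMPLE_REPORT, now).items():
        print(f"{status} {user}: {reason}")
```

In the constructed data, `bob` has an old `password_last_used` value but `password_enabled` is `false`, so he passes instead of being reported, which is the case the issue describes.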

@n4ch04 n4ch04 added status/waiting-for-revision Waiting for maintainer's revision provider/aws Issues/PRs related with the AWS provider and removed status/needs-triage Issue pending triage labels Dec 12, 2023
@IvanKusturic
Author

Hey @n4ch04, any update on this?

Thanks


2 participants