Aws Default Allows All Traffic

Description

Detects if the default VPC security group allows unrestricted inbound traffic from any source (0.0.0.0/0). This misconfiguration could expose EC2 instances to unauthorized access from the internet, violating the principle of least privilege and potentially creating entry points for attackers.

Weakness:

024 - Unrestricted access between network segments - AWS

Category: Access Subversion

Detection Strategy

• Identifies security groups with the name 'default' in the AWS account

• Examines each inbound rule (IpPermissions) in the default security group

• Reports a vulnerability if any inbound rule contains a CIDR range of 0.0.0.0/0, which allows traffic from any source IP address

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.