AWS Master Keys Exposed
Description
Detects AWS KMS master keys whose key policies are overly permissive and could allow unauthorized access to sensitive encryption keys. Such a policy could let unauthorized users access, use, or manage critical KMS keys, compromising the security of the data they encrypt.
Detection Strategy
• Scans all KMS key aliases in the specified AWS region
• For each KMS key, retrieves and analyzes its associated key policies
• Checks whether any policy statement grants overly permissive access (e.g., access granted to everyone, that is, a public principal)
• Reports a vulnerability if key policies allow broad access patterns that could expose the master key to unauthorized users
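A concrete version of this strategy, added here as an illustration and not taken from Fluid Attacks' scanner: the policy check flags Allow statements whose Principal resolves to "*" and that carry no Condition, and a region walk built on boto3's list_aliases and get_key_policy calls feeds each key's default policy to that check. The sample policy and account id are constructed.

```python
import json

# Constructed sample key policy (not from the page): an account-root grant plus a public grant.
EXPOSED_KEY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Enable IAM User Permissions", "Effect": "Allow", "Action": "kms:*",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"}, "Resource": "*"},
        {"Sid": "Allow anyone", "Effect": "Allow", "Principal": "*",
         "Action": ["kms:Encrypt", "kms:Decrypt"], "Resource": "*"},
    ],
})

def _principals(principal):
    """Flatten a Principal element (string, list or {"AWS": [...]}) into plain strings."""
    if isinstance(principal, str):
        return [principal]
    if isinstance(principal, dict):
        principal = list(principal.values())
    if isinstance(principal, list):
        return [p for item in principal for p in _principals(item)]
    return []

def find_public_statements(policy_json):
    """Return Sids (or positions) of unconditioned Allow statements granting everyone."""
    statements = json.loads(policy_json).get("Statement", [])
    findings = []
    # A lone statement may be written as an object rather than a one-element list.
    for pos, stmt in enumerate(statements if isinstance(statements, list) else [statements]):
        # Conditioned statements are skipped: AWS-managed key policies routinely pair
        # Principal "*" with a kms:CallerAccount condition that confines the grant to
        # one account. A stricter scanner would evaluate the condition keys themselves.
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if "*" in _principals(stmt.get("Principal")):
            findings.append(stmt.get("Sid", f"statement[{pos}]"))
    return findings

def scan_region(region_name):
    """Map every exposed key id in a region to its public Sids (needs boto3)."""
    import boto3  # not exercised by the offline sample above
    kms = boto3.client("kms", region_name=region_name)
    exposed = {}
    for page in kms.get_paginator("list_aliases").paginate():
        for alias in page["Aliases"]:
            key_id = alias.get("TargetKeyId")  # reserved AWS aliases may have no key yet
            if key_id and key_id not in exposed:
                policy = kms.get_key_policy(KeyId=key_id, PolicyName="default")["Policy"]
                if sids := find_public_statements(policy):
                    exposed[key_id] = sids
    return exposed
```

Running find_public_statements(EXPOSED_KEY_POLICY) returns ["Allow anyone"]; the account-root statement is not reported because its principal is a specific ARN.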