AWS Automatic Rotation Disabled
Description
Detects AWS Secrets Manager secrets that do not have automatic rotation enabled. When secrets are not automatically rotated, they can become stale and pose a security risk if compromised, as the same credentials remain valid for extended periods.
Detection Strategy
• Lists all secrets in the AWS Secrets Manager service for the given region
• Checks each secret's configuration to determine if rotation is enabled
• Reports a vulnerability when a secret has RotationEnabled set to false or undefined
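The three steps above, sketched with boto3 as an added example (not Fluid Attacks' own scanner code). The function names, secret names, ARNs and account ID are constructed for illustration, and the sample pages stand in for ListSecrets responses so the evaluation logic runs offline.

```python
from __future__ import annotations

from typing import Iterable, Iterator


def unrotated_secrets(pages: Iterable[dict]) -> Iterator[dict]:
    """Yield one finding per secret whose RotationEnabled is false or undefined."""
    for page in pages:
        for secret in page.get("SecretList", []):
            # Only an explicit True passes. A missing key is treated the same
            # as False, matching the "false or undefined" rule on this page.
            if secret.get("RotationEnabled") is not True:
                yield {
                    "Name": secret.get("Name"),
                    "ARN": secret.get("ARN"),
                    "RotationEnabled": secret.get("RotationEnabled"),
                }


def scan_region(region: str) -> list[dict]:
    """List every secret in one region and return the unrotated ones."""
    import boto3  # imported lazily so unrotated_secrets() works without AWS access

    client = boto3.client("secretsmanager", region_name=region)
    # ListSecrets is paginated; the paginator follows NextToken for us.
    pages = client.get_paginator("list_secrets").paginate()
    return list(unrotated_secrets(pages))


# Constructed sample shaped like two ListSecrets response pages.
_ARN = "arn:aws:secretsmanager:us-east-1:111122223333:secret:"
SAMPLE_PAGES = [
    {"SecretList": [
        {"Name": "constructed/db-password", "ARN": _ARN + "constructed/db-password-AAAAAA",
         "RotationEnabled": True},
        {"Name": "constructed/api-key", "ARN": _ARN + "constructed/api-key-BBBBBB",
         "RotationEnabled": False},
    ]},
    {"SecretList": [
        # No RotationEnabled key at all: counted as not rotated.
        {"Name": "constructed/legacy-token", "ARN": _ARN + "constructed/legacy-token-CCCCCC"},
    ]},
]

if __name__ == "__main__":
    for finding in unrotated_secrets(SAMPLE_PAGES):
        print(f"{finding['Name']}: RotationEnabled={finding['RotationEnabled']}")
```

Because the check is per region, a full account review calls `scan_region` once for each region in use.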
Severity v4.0
1.7
Low
Method ID
CSPM-CRNSE
Technique
CSPM
Target
AWS
Technology
SECRETS_MANAGER
CWE ID(s)
CWE-262