AWS Domain Exposed
Description
Detects Amazon OpenSearch Service domains that are publicly exposed through an overly permissive resource-based access policy. A vulnerability is reported when the domain's access policy contains an "Allow" statement whose Principal is "*" (or {"AWS": "*"}) and that has no Condition element, so the grant is not narrowed by source IP, VPC or any other restriction; such a policy can let unauthenticated callers reach the domain endpoint and read or modify the data it holds.
Detection Strategy
• Scans each OpenSearch domain in the AWS account and region
• Analyzes the domain's access policy looking for 'Allow' statements
• Reports a vulnerability if a statement has Effect: "Allow", Principal set to "*" or {"AWS": "*"}, and no Condition element; "Deny" statements and statements that carry any Condition are not reported
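The following script is an added example of the detection logic above, not Fluid Attacks' own scanner. It parses an OpenSearch access policy document, flags every "Allow" statement with a wildcard Principal and no Condition, and runs that check over a constructed list of domain records shaped like the `DomainStatusList` entries that `describe_domains` returns (each entry carries the policy as a JSON string in `AccessPolicies`). The account id, region, domain names and IP range are placeholders.

```python
"""Added example: flag OpenSearch domain access policies that grant access to
all principals without a Condition. Sample policies and domain records below
are constructed for illustration; account id, region and names are placeholders.
"""
import json
from typing import Any, Dict, List, Tuple, Union

# Constructed sample: one Allow statement open to every principal, no Condition.
VULNERABLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowEveryone",
            "Effect": "Allow",
            "Principal": {"AWS": "*"},
            "Action": "es:*",
            "Resource": "arn:aws:es:us-east-1:123456789012:domain/example-logs/*",
        }
    ],
})

# Constructed sample: access limited to a role, an IP range, plus a blanket Deny.
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowSearchReaderRole",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/search-reader"},
            "Action": ["es:ESHttpGet", "es:ESHttpPost"],
            "Resource": "arn:aws:es:us-east-1:123456789012:domain/example-logs/*",
        },
        {
            # Wildcard principal, but narrowed by a Condition: not reported.
            "Sid": "AllowOfficeRangeOnly",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "es:ESHttpGet",
            "Resource": "arn:aws:es:us-east-1:123456789012:domain/example-logs/*",
            "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}},
        },
        {
            # Wildcard principal on a Deny: not a grant, so not reported.
            "Sid": "DenyDeleteForEveryone",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "es:ESHttpDelete",
            "Resource": "arn:aws:es:us-east-1:123456789012:domain/example-logs/*",
        },
    ],
})

# Constructed records shaped like DomainStatusList entries (AccessPolicies is a JSON string).
DOMAIN_STATUS_LIST: List[Dict[str, Any]] = [
    {"DomainName": "example-logs", "AccessPolicies": VULNERABLE_POLICY},
    {"DomainName": "example-search", "AccessPolicies": HARDENED_POLICY},
]


def _is_wildcard_principal(principal: Any) -> bool:
    """True when the Principal element grants access to every AWS principal."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        if aws == "*":
            return True
        if isinstance(aws, list) and "*" in aws:
            return True
    return False


def find_public_statements(policy_document: Union[str, Dict[str, Any]]) -> List[str]:
    """Return the Sid (or positional label) of each Allow statement with a
    wildcard Principal and no Condition element."""
    if not policy_document:  # domain with no access policy set
        return []
    policy = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be written without a list
        statements = [statements]
    findings = []
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_wildcard_principal(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue
        findings.append(stmt.get("Sid", f"Statement[{idx}]"))
    return findings


def scan_domains(domain_status_list: List[Dict[str, Any]]) -> List[Tuple[str, str]]:
    """Apply the check to every domain record; return (domain, statement) pairs."""
    exposed = []
    for domain in domain_status_list:
        for sid in find_public_statements(domain.get("AccessPolicies", "")):
            exposed.append((domain["DomainName"], sid))
    return exposed


if __name__ == "__main__":
    for name, sid in scan_domains(DOMAIN_STATUS_LIST):
        print(f"EXPOSED: domain {name!r}, statement {sid!r}")
```

To run this against a real account, feed `scan_domains` the `DomainStatusList` from `boto3.client("opensearch").describe_domains(DomainNames=...)`. Note the caveat built into the rule: any Condition suppresses the finding, so an "Allow" to "*" conditioned on `aws:SourceIp` of `0.0.0.0/0` would pass this check while still being effectively public; review conditions by hand when auditing.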