AWS Unrestricted FTP Access
Description
Detects AWS EC2 security groups that allow unrestricted FTP access (TCP ports 20-21) from the internet. This is a security risk because FTP transmits credentials and data in plaintext, and allowing access from any source address (0.0.0.0/0 or ::/0) can expose sensitive data to unauthorized users.
Detection Strategy
• Scans EC2 security group rules for inbound TCP permissions that include ports 20 and 21 (FTP control and data ports)
• Checks if the port range encompasses both FTP ports (FromPort ≤ 20 and ToPort ≥ 21)
• Identifies if the source IP range is set to 0.0.0.0/0 (IPv4) or ::/0 (IPv6), indicating unrestricted internet access
• Reports a vulnerability when both conditions are met: FTP ports are open AND access is allowed from any IP address
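The check above expressed as working code, as an added example that is not Fluid Attacks' own checker. It consumes dictionaries in the shape returned by boto3's ec2.describe_security_groups(), the sample groups are constructed, and it goes one step beyond the page by also treating an "all traffic" rule (IpProtocol "-1") as covering the FTP ports.

```python
# Added example (not Fluid Attacks' own checker): flag security groups that
# expose FTP (TCP 20-21) to any IPv4/IPv6 address. Input mirrors the
# structure returned by boto3's ec2.describe_security_groups().
from typing import Dict, Iterable, List

ANY_IPV4, ANY_IPV6 = "0.0.0.0/0", "::/0"


def covers_ftp(perm: Dict) -> bool:
    """True if an inbound rule's port range spans both FTP ports (20 and 21)."""
    proto = perm.get("IpProtocol")
    if proto == "-1":          # "all traffic" rule: every port, so FTP included
        return True            # (extension beyond the page's TCP-only check)
    if proto != "tcp" or perm.get("FromPort") is None or perm.get("ToPort") is None:
        return False
    return perm["FromPort"] <= 20 and perm["ToPort"] >= 21


def open_to_world(perm: Dict) -> bool:
    """True if any source range is the IPv4 or IPv6 wildcard."""
    return (any(r.get("CidrIp") == ANY_IPV4 for r in perm.get("IpRanges", []))
            or any(r.get("CidrIpv6") == ANY_IPV6 for r in perm.get("Ipv6Ranges", [])))


def find_unrestricted_ftp(groups: Iterable[Dict]) -> List[str]:
    """Return GroupIds with at least one inbound rule that is both FTP and world-open."""
    return [g["GroupId"] for g in groups
            if any(covers_ftp(p) and open_to_world(p) for p in g.get("IpPermissions", []))]


def rule(proto, lo, hi, v4=(), v6=()) -> Dict:
    """Build one IpPermissions entry in describe_security_groups() shape."""
    return {"IpProtocol": proto, "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": c} for c in v4],
            "Ipv6Ranges": [{"CidrIpv6": c} for c in v6]}


# Constructed sample groups (not real resources).
SAMPLE_GROUPS = [
    {"GroupId": "sg-ftp-open", "IpPermissions": [rule("tcp", 20, 21, v4=["0.0.0.0/0"])]},
    {"GroupId": "sg-wide-v6", "IpPermissions": [rule("tcp", 0, 1024, v6=["::/0"])]},
    {"GroupId": "sg-ftp-restricted",  # remediated: same ports, corporate range only
     "IpPermissions": [rule("tcp", 20, 21, v4=["203.0.113.0/24"])]},
    {"GroupId": "sg-https", "IpPermissions": [rule("tcp", 443, 443, v4=["0.0.0.0/0"])]},
]

if __name__ == "__main__":
    print(find_unrestricted_ftp(SAMPLE_GROUPS))  # ['sg-ftp-open', 'sg-wide-v6']
```

Note that a rule opening only port 21 is not reported, because the strategy above requires the range to span both ports; widen the condition if a control-port-only rule should also count.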