AWS Cluster TLS Disabled
Description
Detects Amazon RDS database clusters that do not enforce TLS/SSL encrypted connections. When TLS is not enforced, database connections can be established without encryption, potentially exposing sensitive data in transit to interception or tampering.
Detection Strategy
• Checks RDS cluster parameter groups for security parameters 'require_secure_transport' or 'rds.force_ssl'
• Reports a vulnerability if either parameter is set to '0' or 'OFF', indicating TLS/SSL is not enforced
• Examines all database clusters in the specified AWS region and their associated parameter group configurations
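The check described above, sketched as an added example (not Fluid Attacks' own code). It assumes data shaped like the boto3 `describe_db_clusters` and `describe_db_cluster_parameters` responses; the sample clusters and parameter groups are constructed, and the case-insensitive value comparison is an assumption.

```python
TLS_PARAMS = ("require_secure_transport", "rds.force_ssl")
DISABLED = {"0", "off"}  # assumption: values are compared case-insensitively

# Constructed sample data, shaped like the boto3 RDS responses.
SAMPLE_CLUSTERS = [
    {"DBClusterIdentifier": "orders-mysql", "DBClusterParameterGroup": "custom-mysql"},
    {"DBClusterIdentifier": "billing-pg", "DBClusterParameterGroup": "custom-pg"},
    {"DBClusterIdentifier": "legacy-pg", "DBClusterParameterGroup": "legacy-pg-params"},
]
SAMPLE_PARAMS = {
    "custom-mysql": [{"ParameterName": "require_secure_transport", "ParameterValue": "OFF"}],
    "custom-pg": [{"ParameterName": "rds.force_ssl", "ParameterValue": "1"}],
    "legacy-pg-params": [{"ParameterName": "rds.force_ssl", "ParameterValue": "0"},
                         {"ParameterName": "max_connections"}],  # no value set
}


def tls_findings(clusters, params_by_group):
    """Return (cluster, group, parameter, value) for each TLS parameter set to 0/OFF."""
    findings = []
    for cluster in clusters:
        group = cluster["DBClusterParameterGroup"]
        for param in params_by_group.get(group, []):
            name = param.get("ParameterName")
            value = str(param.get("ParameterValue", "")).strip().lower()
            if name in TLS_PARAMS and value in DISABLED:
                findings.append((cluster["DBClusterIdentifier"], group,
                                 name, param["ParameterValue"]))
    return findings


def collect(region):
    """Fetch live inputs for tls_findings() with boto3, paginating both calls.
    Needs rds:DescribeDBClusters and rds:DescribeDBClusterParameters."""
    import boto3  # imported here so the offline sample run needs no AWS SDK
    rds = boto3.client("rds", region_name=region)
    clusters = [c for page in rds.get_paginator("describe_db_clusters").paginate()
                for c in page["DBClusters"]]
    params = {}
    for group in {c["DBClusterParameterGroup"] for c in clusters}:
        pages = rds.get_paginator("describe_db_cluster_parameters").paginate(
            DBClusterParameterGroupName=group)
        params[group] = [p for page in pages for p in page["Parameters"]]
    return clusters, params


if __name__ == "__main__":
    for finding in tls_findings(SAMPLE_CLUSTERS, SAMPLE_PARAMS):
        print("TLS not enforced:", finding)
```

For a live region, pass the result of `collect(region)` to `tls_findings(*...)` in place of the sample data.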