Json Yaml Uses Default Port
Description
Identifies AWS ElastiCache clusters defined in CloudFormation templates that use default ports. Using default ports for cache services like Redis (6379) or Memcached (11211) makes the clusters more vulnerable to targeted attacks since these ports are well-known and commonly scanned.
Detection Strategy
• Search for CloudFormation resources of type AWS::ElastiCache::CacheCluster
• Check if the Port property is missing or set to default values (6379 for Redis, 11211 for Memcached)
• Report a vulnerability when an ElastiCache cluster is configured to use these default ports
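The detection strategy above, carried out as an added example that is not Fluid Attacks' own scanner code: the check walks a CloudFormation template, keeps only AWS::ElastiCache::CacheCluster resources, and reports each one whose Port is omitted (ElastiCache then uses the engine default) or equals the engine default named in the strategy. The template is handled in its JSON form so that only the Python standard library is needed; a YAML template would first need a YAML parser and handling of CloudFormation's short-form tags, which this example leaves out. The sample template, the non-default port 6380 and the CachePort parameter are constructed for illustration and are not from the page.

```python
"""Static check for ElastiCache clusters on default ports (added example)."""
import json

# Engine defaults named in the detection strategy: Redis 6379, Memcached 11211.
DEFAULT_PORTS = {"redis": 6379, "memcached": 11211}
TARGET_TYPE = "AWS::ElastiCache::CacheCluster"


def check_template(template: dict) -> list[dict]:
    """Return one finding per ElastiCache cluster that uses a default port.

    Each finding holds the logical resource name, the engine, the effective
    port and a short reason. A Port given through an intrinsic function
    (for example {"Ref": "SomeParameter"}) cannot be resolved from the
    template alone and is skipped rather than guessed at.
    """
    findings = []
    for name, resource in (template.get("Resources") or {}).items():
        if resource.get("Type") != TARGET_TYPE:
            continue
        props = resource.get("Properties") or {}
        engine = str(props.get("Engine", "")).lower()
        port = props.get("Port")

        if port is None:
            # Port omitted: ElastiCache falls back to the engine's default port.
            findings.append({
                "resource": name, "engine": engine,
                "port": DEFAULT_PORTS.get(engine),
                "reason": "Port property missing; engine default port applies",
            })
            continue
        if isinstance(port, dict):
            continue  # intrinsic function; value unknown at template level
        try:
            port_num = int(port)  # CloudFormation accepts the number as a string too
        except (TypeError, ValueError):
            continue

        # Known engine: flag only its own default. Unknown engine: flag either default.
        if engine in DEFAULT_PORTS:
            expected = {DEFAULT_PORTS[engine]}
        else:
            expected = set(DEFAULT_PORTS.values())
        if port_num in expected:
            findings.append({
                "resource": name, "engine": engine, "port": port_num,
                "reason": f"Port {port_num} is a well-known default cache port",
            })
    return findings


def flagged_resources(template_json: str) -> list[str]:
    """Parse a JSON template and return the names of flagged resources."""
    return [f["resource"] for f in check_template(json.loads(template_json))]


# Constructed sample template (not from the original page).
SAMPLE_TEMPLATE = json.dumps({
    "Parameters": {"CachePort": {"Type": "Number", "Default": 6379}},
    "Resources": {
        "InsecureCache": {  # explicit default memcached port
            "Type": TARGET_TYPE,
            "Properties": {"CacheNodeType": "cache.t2.micro", "Engine": "memcached",
                           "NumCacheNodes": 1, "Port": 11211},
        },
        "OmittedPortCache": {  # no Port at all, so Redis default 6379 applies
            "Type": TARGET_TYPE,
            "Properties": {"CacheNodeType": "cache.t2.micro", "Engine": "redis",
                           "NumCacheNodes": 1},
        },
        "ParameterPortCache": {  # port comes from a parameter; not resolvable here
            "Type": TARGET_TYPE,
            "Properties": {"CacheNodeType": "cache.t2.micro", "Engine": "redis",
                           "NumCacheNodes": 1, "Port": {"Ref": "CachePort"}},
        },
        "NonDefaultCache": {  # non-default port given as a string
            "Type": TARGET_TYPE,
            "Properties": {"CacheNodeType": "cache.t2.micro", "Engine": "redis",
                           "EngineVersion": "7.0", "NumCacheNodes": 1, "Port": "6380"},
        },
        "UnrelatedBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
    },
})

if __name__ == "__main__":
    for f in check_template(json.loads(SAMPLE_TEMPLATE)):
        print(f'{f["resource"]}: {f["reason"]} (engine={f["engine"]}, port={f["port"]})')
```

Run against the sample, the check reports InsecureCache and OmittedPortCache and stays silent on the parameterised and non-default clusters; a port supplied through a Ref is deliberately reported as unknown rather than as safe, so a real pipeline would resolve parameter defaults before trusting that silence.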
Vulnerable code example
Resources:
  InsecureCache:
    Type: 'AWS::ElastiCache::CacheCluster'
    Properties:
      CacheNodeType: 'cache.t2.micro'
      Engine: 'memcached' # Vulnerable: memcached has no authentication by default
      NumCacheNodes: 1
      Port: 11211 # Vulnerable: the default memcached port is well known and easily found by port scans
Secure code example
Resources:
  SecureCache:
    Type: 'AWS::ElastiCache::CacheCluster'
    Properties:
      CacheNodeType: 'cache.t2.micro'
      Engine: 'redis' # Redis preferred over memcached for built-in authentication
      EngineVersion: '7.0' # Using a recent version with security updates
      NumCacheNodes: 1
      ...