JSON/YAML: Unrestricted FTP Access
Description
Detects unrestricted FTP access (ports 20/21) in AWS EC2 security groups defined in CloudFormation templates. Unrestricted FTP access can expose file transfer services to unauthorized users from any source IP address, potentially leading to unauthorized data access or file system manipulation.
Detection Strategy
• Examines EC2 security group rules in CloudFormation templates
• Checks both inbound (ingress) and outbound (egress) traffic rules
• Identifies rules that allow FTP ports (20 and/or 21)
• Flags security group rules where FTP ports are accessible from unrestricted sources (like 0.0.0.0/0 or ::/0)
• Reports a vulnerability when unrestricted FTP access is found in any security group rule
Vulnerable code example

```yaml
Resources:
  MySecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Vulnerable security group example
      VpcId: !Ref myVPC
      SecurityGroupIngress:
        # Rule body completed from the description above: the FTP control
        # port is reachable from any IPv4 source address
        - IpProtocol: tcp
          FromPort: 21
          ToPort: 21
          CidrIp: 0.0.0.0/0
```

✅ Secure code example
```yaml
Resources:
  MySecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Secure security group example
      VpcId: !Ref myVPC
      SecurityGroupIngress:
        # Rule body completed from the description above; 10.0.0.0/16 is a
        # placeholder for the trusted source range, not a value from the page
        - IpProtocol: tcp
          FromPort: 21
          ToPort: 21
          CidrIp: 10.0.0.0/16
```
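The detection strategy above can be implemented as a small static check. The following Python is an added example (not Fluid Attacks' scanner code): it walks the `Resources` of a JSON-format CloudFormation template, looks at both the inline `SecurityGroupIngress`/`SecurityGroupEgress` lists of `AWS::EC2::SecurityGroup` and the standalone `AWS::EC2::SecurityGroupIngress`/`SecurityGroupEgress` resources (a generalization of the page's inline-only examples), and flags any rule whose port range covers 20 or 21 and whose source or destination is `0.0.0.0/0` or `::/0`. The two embedded templates are constructed samples; JSON form is used so the standard library suffices and `!Ref` needs no custom YAML loader.

```python
"""Static check for unrestricted FTP (ports 20/21) in CloudFormation security groups."""
import json

FTP_PORTS = (20, 21)
UNRESTRICTED_SOURCES = {"CidrIp": "0.0.0.0/0", "CidrIpv6": "::/0"}


def rule_covers_ftp(rule):
    """True if the rule's protocol/port range includes TCP port 20 or 21."""
    proto = str(rule.get("IpProtocol", "")).lower()
    if proto == "-1":  # all protocols and all ports
        return True
    if proto not in ("tcp", "6"):
        return False
    from_port, to_port = rule.get("FromPort"), rule.get("ToPort")
    try:
        lo = int(from_port)
        hi = int(to_port) if to_port is not None else lo
    except (TypeError, ValueError):
        # Port supplied via an intrinsic function (Ref, Fn::FindInMap, ...)
        # cannot be resolved statically; treated as not matching here.
        return False
    return any(lo <= port <= hi for port in FTP_PORTS)


def rule_is_unrestricted(rule):
    """True if the CIDR is the any-address range for IPv4 or IPv6."""
    return any(rule.get(key) == cidr for key, cidr in UNRESTRICTED_SOURCES.items())


def find_unrestricted_ftp(template):
    """Return an identifier for every rule exposing FTP to an unrestricted CIDR."""
    findings = []
    for name, resource in template.get("Resources", {}).items():
        rtype = resource.get("Type")
        props = resource.get("Properties", {})
        if rtype == "AWS::EC2::SecurityGroup":
            for direction in ("SecurityGroupIngress", "SecurityGroupEgress"):
                for index, rule in enumerate(props.get(direction, [])):
                    if rule_covers_ftp(rule) and rule_is_unrestricted(rule):
                        findings.append(f"{name}.{direction}[{index}]")
        elif rtype in ("AWS::EC2::SecurityGroupIngress", "AWS::EC2::SecurityGroupEgress"):
            if rule_covers_ftp(props) and rule_is_unrestricted(props):
                findings.append(name)
    return findings


def scan_template_text(text):
    """Parse a JSON-format CloudFormation template and scan it."""
    return find_unrestricted_ftp(json.loads(text))


# Constructed sample templates (not from the page); JSON form of the YAML above.
VULNERABLE_TEMPLATE = json.dumps({
    "Resources": {
        "MySecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "Vulnerable security group example",
                "VpcId": {"Ref": "myVPC"},
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 21, "ToPort": 21, "CidrIp": "0.0.0.0/0"},
                    # HTTPS from anywhere is outside this rule's scope and must not be flagged
                    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
                ],
                "SecurityGroupEgress": [
                    {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 21, "CidrIpv6": "::/0"},
                ],
            },
        },
        # Standalone rule resource with all protocols open (hypothetical name)
        "FtpFromAnywhere": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {"GroupId": {"Ref": "MySecurityGroup"}, "IpProtocol": "-1", "CidrIp": "0.0.0.0/0"},
        },
    }
})

SECURE_TEMPLATE = json.dumps({
    "Resources": {
        "MySecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "Secure security group example",
                "VpcId": {"Ref": "myVPC"},
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 21, "ToPort": 21, "CidrIp": "10.0.0.0/16"},
                ],
            },
        }
    }
})

if __name__ == "__main__":
    print("vulnerable:", scan_template_text(VULNERABLE_TEMPLATE))
    print("secure:", scan_template_text(SECURE_TEMPLATE))
```

Two design points worth noting: a port range such as `1-1024` is flagged because it contains the FTP ports, and a port expressed through an intrinsic function is skipped rather than guessed, so a real scanner would resolve `Parameters` defaults or report such rules separately for manual review.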