Terraform Admin Ports Open To World
Description
Detects AWS security group configurations that allow unrestricted public access (0.0.0.0/0) to administrative ports. This creates a critical security risk by potentially exposing sensitive management interfaces like RDP (3389) or SSH (22) to the entire internet.
Detection Strategy
• Scans AWS security group and security group rule definitions in Terraform configurations
• Identifies ingress rules that specify CIDR range 0.0.0.0/0 (open to world)
• Checks if these open ingress rules allow access to common administrative ports (e.g., 22, 3389)
• Reports a vulnerability when unrestricted public access is configured for sensitive admin ports
Vulnerable code example
resource "aws_security_group" "example" {
  name   = "example"
  vpc_id = "vpc-1234"
  ingress {
    from_port   = 445 # SMB port exposed
    to_port     = 445
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"] # open to the entire internet
  }
}

✅ Secure code example
resource "aws_security_group" "example" {
  name   = "example"
  vpc_id = "vpc-1234"
  ingress {
    from_port        = 445 # SMB access restricted to specific trusted IPv6 ranges
    to_port          = 445
    protocol         = "tcp"
    ipv6_cidr_blocks = ["2001:db8::/32"] # placeholder documentation prefix: replace with your trusted range(s)
  }
}