Json Yaml Insecure Tcp Protocol Usage
Description
Identifies AWS EC2 security groups defined in CloudFormation templates (JSON or YAML) whose TCP rules accept traffic from any source, for example an ingress rule that opens a port to the CIDR block 0.0.0.0/0. Such rules expose every instance attached to the group to the whole internet, so any service listening on the opened ports becomes a target for unauthorized access.
Detection Strategy
• Scans CloudFormation template files for AWS::EC2::SecurityGroup resource definitions
• Analyzes each rule in SecurityGroupIngress and SecurityGroupEgress whose IpProtocol is tcp, reading its FromPort, ToPort and CidrIp
• Reports a finding when such a rule accepts TCP traffic from any source address or over a wider port range than the service behind it needs
• Focuses on dangerous configurations like overly permissive port ranges or '0.0.0.0/0' CIDR blocks with TCP
Vulnerable code example
Resources:
  VulnerableSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Insecure security group configuration
      SecurityGroupIngress:
        - IpProtocol: tcp # Vulnerable: allows access on port 80 from any IP
          FromPort: 80...

✅ Secure code example
Resources:
  SecureSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Secure security group configuration
      SecurityGroupIngress:
        - IpProtocol: tcp # Restricted: Allow HTTP only from specific CIDR
          FromPort: 80...
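The detection strategy above can be reproduced with a short checker. The following is an added example written for this page, not Fluid Attacks' scanner: it walks a parsed CloudFormation template, visits every AWS::EC2::SecurityGroup resource and reports each SecurityGroupIngress rule whose IpProtocol is tcp (or -1, which means all protocols and therefore includes TCP) and whose source is 0.0.0.0/0 or its IPv6 equivalent ::/0. The two sample templates are constructed for the example, in CloudFormation's JSON form so that the standard library can parse them; the names VulnerableSecurityGroup and SecureSecurityGroup mirror the snippets above, and the CIDRs, ports and helper names are assumptions of the example.

```python
"""Flag world-open TCP ingress rules in AWS::EC2::SecurityGroup resources.

Added example for the detection strategy on this page (not Fluid Attacks'
scanner). The sample templates below are constructed for the example, in
CloudFormation's JSON form; a YAML template needs a loader that understands
the !Ref-style short tags before the same walk applies.
"""
import json

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
# "6" is the IANA protocol number for TCP; "-1" is CloudFormation's "all protocols".
TCP_LIKE = {"tcp", "6", "-1"}


def world_open_tcp_rules(template):
    """Return one finding per world-open TCP ingress rule in a parsed template."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        ingress = resource.get("Properties", {}).get("SecurityGroupIngress", [])
        for rule in ingress:
            proto = str(rule.get("IpProtocol", "")).lower()
            if proto not in TCP_LIKE:
                continue
            # Rules sourced from another security group carry no CIDR and are skipped.
            cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
            if cidr not in WORLD_CIDRS:
                continue
            from_port, to_port = rule.get("FromPort"), rule.get("ToPort")
            # "-1" opens every protocol and port; 0-65535 (or -1/-1) opens every TCP port.
            all_ports = proto == "-1" or (
                from_port in (0, -1) and to_port in (65535, -1)
            )
            findings.append({
                "resource": logical_id,
                "protocol": proto,
                "from_port": from_port,
                "to_port": to_port,
                "cidr": cidr,
                "all_ports": all_ports,
            })
    return findings


def check_template_json(text):
    """Parse a JSON-form CloudFormation template and return its findings."""
    return world_open_tcp_rules(json.loads(text))


# Constructed sample: the vulnerable pattern from the page (HTTP from any IPv4
# address) plus an all-protocol rule open to every IPv6 address.
VULNERABLE_TEMPLATE = """
{
  "Resources": {
    "VulnerableSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Insecure security group configuration",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"},
          {"IpProtocol": "-1", "CidrIpv6": "::/0"}
        ]
      }
    }
  }
}
"""

# Constructed sample: each port is opened only to a specific CIDR (the SSH
# source uses the 203.0.113.0/24 documentation range). The world-open egress
# rule is the EC2 default and is deliberately not reported by this checker.
SECURE_TEMPLATE = """
{
  "Resources": {
    "SecureSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Secure security group configuration",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "10.0.0.0/16"},
          {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "203.0.113.0/24"}
        ],
        "SecurityGroupEgress": [
          {"IpProtocol": "-1", "CidrIp": "0.0.0.0/0"}
        ]
      }
    }
  }
}
"""

if __name__ == "__main__":
    for name, text in (("vulnerable", VULNERABLE_TEMPLATE), ("secure", SECURE_TEMPLATE)):
        found = check_template_json(text)
        print(f"{name}: {len(found)} finding(s)")
        for f in found:
            ports = "all ports" if f["all_ports"] else f"{f['from_port']}-{f['to_port']}"
            print(f"  {f['resource']}: {f['protocol']} {ports} from {f['cidr']}")
```

Two design choices are worth noting. Only ingress is checked: an egress rule to 0.0.0.0/0 is the default for every new security group and would drown the report in noise, so it is left for a separate, lower-severity check. And a rule is still reported when it opens a single port: the page's own vulnerable example exposes only port 80, yet it exposes it to the whole internet, which is the property the finding is about; the `all_ports` flag exists so a catch-all rule can be ranked above a single-port one.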