Terraform Open All Ports To Public
Description
Detects AWS EC2 security groups configured to allow unrestricted access from the internet (0.0.0.0/0) across all ports. This poses a significant security risk by potentially exposing EC2 instances to unauthorized access from any source IP address.
Detection Strategy
• Identify Terraform resource blocks defining AWS security groups (aws_security_group) or security group rules (aws_security_group_rule)
• Look for ingress or egress rules within these security group configurations
• Check if the rule allows access from 0.0.0.0/0 (any IP address)
• Verify if the port range is unrestricted (from_port and to_port span all ports)
• Report a vulnerability if a security group allows all ports (0-65535) open to 0.0.0.0/0
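The strategy above, implemented as an added Python example (not Fluid Attacks' own checker) over a constructed Terraform snippet. It is a regex pass, not a full HCL parser, and assumes `terraform fmt` layout (top-level closing braces at column 0, one attribute per line).

```python
import re

# Constructed sample Terraform (not from any real project), formatted as
# `terraform fmt` would: top-level closing braces sit at column 0.
SAMPLE_TF = """
resource "aws_security_group_rule" "allow_all" {
  type        = "ingress"
  from_port   = 0
  to_port     = 65535
  cidr_blocks = ["0.0.0.0/0"]
}
resource "aws_security_group" "web" {
  ingress {
    from_port   = 0
    to_port     = 65535
    cidr_blocks = ["10.0.0.0/16", "0.0.0.0/0"]
  }
}
"""

ANY_IPV4 = "0.0.0.0/0"
# Top-level resource block: type, name and body up to a closing brace at column 0.
RESOURCE_RE = re.compile(
    r'resource\s+"(aws_security_group(?:_rule)?)"\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
# ingress/egress blocks nested in aws_security_group (they contain no deeper braces).
NESTED_RE = re.compile(r"\b(ingress|egress)\s*\{([^}]*)\}")

def _attr(body, name):
    """Raw right-hand side of a simple `name = value` line, or None."""
    m = re.search(rf"\b{name}\s*=\s*([^\n]+)", body)
    return m.group(1).strip() if m else None

def rule_open_to_world(body):
    """True when a rule body spans ports 0-65535 and lists 0.0.0.0/0."""
    cidrs = re.findall(r'"([^"]+)"', _attr(body, "cidr_blocks") or "")
    return (ANY_IPV4 in cidrs and _attr(body, "from_port") == "0"
            and _attr(body, "to_port") == "65535")

def find_open_rules(tf_source):
    """Return (resource address, direction) for every fully open rule."""
    findings = []
    for rtype, name, body in RESOURCE_RE.findall(tf_source):
        address = f"{rtype}.{name}"
        if rtype == "aws_security_group_rule":
            if rule_open_to_world(body):
                findings.append((address, (_attr(body, "type") or "").strip('"')))
        else:  # aws_security_group with inline ingress/egress blocks
            for direction, inner in NESTED_RE.findall(body):
                if rule_open_to_world(inner):
                    findings.append((address, direction))
    return findings
```

A rule that lists 0.0.0.0/0 on a single port (such as 443) is deliberately not reported, since the criterion is the full 0-65535 range combined with the any-address CIDR.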
Vulnerable code example
resource "aws_security_group_rule" "allow_all" {
  security_group_id = "sg-123456"
  type              = "ingress"
  from_port         = 0           # Vulnerable: opens all ports starting from 0
  to_port           = 65535       # Vulnerable: opens all ports up to 65535
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"] # Vulnerable: allows access from any IP address
}
✅ Secure code example
resource "aws_security_group_rule" "allow_https" {
  security_group_id = "sg-123456"
  type              = "ingress"
  from_port         = 443           # Only allow the HTTPS port instead of all ports
  to_port           = 443           # Restrict to the single necessary port
  protocol          = "tcp"
  cidr_blocks       = ["10.0.0.0/16"] # Restrict to the internal network CIDR range
}