Terraform Uses Default Port
Description
Identifies AWS ElastiCache clusters that listen on their engine's default port. Default ports are widely known and routinely probed by automated scanners, so leaving them in place makes the cache instances more exposed to attack. Using a custom port adds an extra layer of security through obscurity.
Detection Strategy
• Scans Terraform configuration files for 'aws_elasticache_cluster' resource definitions
• Checks whether the port attribute is omitted or set to the engine's default value
• Reports a vulnerability when an ElastiCache cluster is configured to use default port settings
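The detection strategy above, implemented as an added example in Python (this is not Fluid Attacks' own checker). It walks a Terraform file for aws_elasticache_cluster blocks, reads the engine and port attributes, and flags a cluster whose port is omitted or equals the engine default. The lightweight regex-based HCL parsing, the default-port table (Memcached 11211, Redis 6379, the values AWS applies when port is not set) and the sample Terraform text are all constructed here and assumed for the demonstration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Ports AWS applies to an ElastiCache cluster when `port` is omitted
# (assumed table for this example: memcached 11211, redis 6379).
DEFAULT_PORTS = {"memcached": 11211, "redis": 6379}

# Only the resource type this check is about; other resources are ignored.
RESOURCE_RE = re.compile(r'resource\s+"aws_elasticache_cluster"\s+"([^"]+)"\s*\{')
ENGINE_RE = re.compile(r'^\s*engine\s*=\s*"([^"]+)"', re.MULTILINE)
PORT_RE = re.compile(r'^\s*port\s*=\s*(\d+)', re.MULTILINE)


@dataclass
class Finding:
    name: str
    engine: str
    port: Optional[int]   # None when the attribute is missing from the block
    reason: str


def _block_body(text: str, open_brace: int) -> str:
    """Return the text between the brace at `open_brace` and its matching close."""
    depth = 0
    for i in range(open_brace, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_brace + 1:i]
    raise ValueError("unbalanced braces in Terraform source")


def _strip_comments(body: str) -> str:
    """Drop '#' line comments so a port quoted in a comment is never matched."""
    return "\n".join(line.split("#", 1)[0] for line in body.splitlines())


def find_default_ports(hcl: str) -> List[Finding]:
    """Return one Finding per ElastiCache cluster using an omitted or default port."""
    findings: List[Finding] = []
    for match in RESOURCE_RE.finditer(hcl):
        name = match.group(1)
        body = _strip_comments(_block_body(hcl, match.end() - 1))
        engine_match = ENGINE_RE.search(body)
        engine = engine_match.group(1).lower() if engine_match else "unknown"
        default = DEFAULT_PORTS.get(engine)
        port_match = PORT_RE.search(body)
        port = int(port_match.group(1)) if port_match else None
        if port is None:
            findings.append(Finding(name, engine, None,
                                    "port not set; AWS applies the engine default"))
        elif default is not None and port == default:
            findings.append(Finding(name, engine, port,
                                    f"port equals the {engine} default {default}"))
    return findings


# Constructed sample: one cluster on the default Memcached port, one hardened
# cluster on a custom port, and one Redis cluster with the port omitted.
SAMPLE_TF = '''
resource "aws_elasticache_cluster" "cache" {
  cluster_id      = "demo-cache"
  engine          = "memcached"
  node_type       = "cache.t3.micro"
  num_cache_nodes = 1
  port            = 11211 # default Memcached port (11211)
}

resource "aws_elasticache_cluster" "hardened" {
  cluster_id         = "demo-cache"
  engine             = "memcached"
  node_type          = "cache.t3.micro"
  num_cache_nodes    = 1
  port               = 11289
  security_group_ids = [aws_security_group.cache_sg.id]
}

resource "aws_elasticache_cluster" "sessions" {
  cluster_id      = "session-store"
  engine          = "redis"
  node_type       = "cache.t3.micro"
  num_cache_nodes = 1
}
'''

if __name__ == "__main__":
    for finding in find_default_ports(SAMPLE_TF):
        print(f"{finding.name} ({finding.engine}, port={finding.port}): {finding.reason}")
```

Run against SAMPLE_TF the detector reports the "cache" and "sessions" clusters and passes "hardened". Comment stripping matters: the vulnerable example's own comment repeats the port number, and a naive search of the raw block would otherwise match it. The parser is deliberately minimal; a production checker should use a real HCL parser so that variables, locals and nested blocks are resolved rather than pattern-matched.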
Vulnerable code example
resource "aws_elasticache_cluster" "cache" {
  cluster_id      = "demo-cache"
  engine          = "memcached"
  node_type       = "cache.t3.micro"
  num_cache_nodes = 1
  port            = 11211 # Vulnerable: Using default Memcached port (11211) exposes the cache to potential attacks
}
✅ Secure code example
resource "aws_elasticache_cluster" "cache" {
  cluster_id           = "demo-cache"
  engine               = "memcached"
  node_type            = "cache.t3.micro"
  num_cache_nodes      = 1
  port                 = 11289 # Using a non-default port reduces exposure to automated scanning
  security_group_ids   = [aws_security_group.cache_sg.id] # Restrict network access using a security group
  parameter_group_name = aws_elasticache_parameter_group.cache_params.id
}