Terraform Unrestricted FTP Access
Description
Identifies AWS security group configurations that allow unrestricted FTP access (ports 20/21) to EC2 instances. This represents a security risk as unrestricted FTP access could enable unauthorized file transfers and potential data breaches.
Detection Strategy
• Check AWS security group and security group rule resources in Terraform configurations
• Look for ingress or egress rules whose port range includes the FTP ports (20 and 21), or whose protocol is -1 (all), which covers every port regardless of the declared range
• Evaluate if the CIDR range in the rules is overly permissive (e.g. 0.0.0.0/0)
• Flag security group configurations that allow unrestricted access to FTP ports from any source IP
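The detection strategy above, carried through as an added example (not Fluid Attacks' own scanner): a small Python checker that parses simplified aws_security_group_rule blocks and flags any rule that lets 0.0.0.0/0 or ::/0 reach ports 20/21, either directly, through a wide port range, or through protocol -1. The Terraform snippets and rule names in SAMPLE_TF are constructed for the example.

```python
import re

FTP_PORTS = {20, 21}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

# Constructed sample (not real infrastructure): an obviously open rule, a wide range hiding FTP, a clean rule.
SAMPLE_TF = '''
resource "aws_security_group_rule" "vulnerable" {
  type        = "ingress"
  from_port   = 21
  to_port     = 21
  protocol    = "-1"
  cidr_blocks = ["0.0.0.0/0"]
}
resource "aws_security_group_rule" "wide_range" {
  type        = "ingress"
  from_port   = 0
  to_port     = 1024
  protocol    = "tcp"
  cidr_blocks = ["10.0.0.0/16", "0.0.0.0/0"]
}
resource "aws_security_group_rule" "secure" {
  type        = "ingress"
  from_port   = 22
  to_port     = 22
  protocol    = "tcp"
  cidr_blocks = ["10.0.0.0/16"]
}
'''

BLOCK_RE = re.compile(r'resource\s+"aws_security_group_rule"\s+"(\w+)"\s*\{(.*?)\n\}', re.S)
ATTR_RE = re.compile(r'^\s*(\w+)\s*=\s*(.+?)\s*$', re.M)


def parse_rules(hcl: str) -> dict:
    """Map each rule name to its raw attribute strings (simplified HCL: flat key = value lines)."""
    return {name: dict(ATTR_RE.findall(body)) for name, body in BLOCK_RE.findall(hcl)}


def find_open_ftp_rules(hcl: str) -> list:
    """Return the names of rules that let any source IP reach port 20 or 21."""
    flagged = []
    for name, attrs in parse_rules(hcl).items():
        lo, hi = int(attrs.get("from_port", 0)), int(attrs.get("to_port", 0))
        protocol = attrs.get("protocol", "").strip('"').lower()
        cidrs = set(re.findall(r'"([^"]+)"', attrs.get("cidr_blocks", "") + attrs.get("ipv6_cidr_blocks", "")))
        # AWS ignores the port range when protocol is -1 (all traffic), so that alone covers FTP.
        covers_ftp = protocol in ("-1", "all") or any(lo <= p <= hi for p in FTP_PORTS)
        if covers_ftp and cidrs & OPEN_CIDRS:
            flagged.append(name)
    return flagged
```

Running find_open_ftp_rules(SAMPLE_TF) flags "vulnerable" and "wide_range" but not "secure"; the wide-range case is the one a naive equality check on from_port == 21 would miss.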
Vulnerable code example
  resource "aws_security_group_rule" "vulnerable" {
    security_group_id = "sg-123456"
    type              = "ingress"
    from_port         = 21            # Exposing FTP port (21) is risky
    to_port           = 21
    protocol          = "-1"          # Allowing all protocols (-1) is overly permissive
    cidr_blocks       = ["0.0.0.0/0"] # Opening to all IPs (0.0.0.0/0) is dangerous
  }
✅ Secure code example
  resource "aws_security_group_rule" "secure" {
    security_group_id = "sg-123456"
    type              = "ingress"
    from_port         = 22             # Using SSH instead of FTP for secure file transfers
    to_port           = 22
    protocol          = "tcp"          # Restricting to TCP protocol only
    cidr_blocks       = ["10.0.0.0/16"] # Limiting access to internal network range
    description       = "Allow SSH access from internal network"
  }