Json Yaml Insecure Viewer Protocol Policy
Description
Identifies AWS CloudFront distributions that are configured to serve content over the insecure HTTP protocol. Using HTTP instead of HTTPS exposes the content to man-in-the-middle attacks and data tampering, potentially compromising sensitive information in transit.
Detection Strategy
• Check whether the resource type is AWS::CloudFront::Distribution in the CloudFormation template
• Examine the ViewerProtocolPolicy property in the distribution configuration
• Report a vulnerability if the policy allows HTTP access (when set to 'allow-all' or HTTP is explicitly enabled)
• Look for these configurations in the DistributionConfig > DefaultCacheBehavior and CustomCacheBehavior sections
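The detection steps above, written out as an added checker that is not part of Fluid Attacks' page or tooling: it loads a CloudFormation template (JSON form; a YAML template would additionally need PyYAML and a loader that tolerates intrinsic tags such as !Ref) and reports every DefaultCacheBehavior or CacheBehaviors entry whose ViewerProtocolPolicy is allow-all. The sample template and its resource names are constructed for this example; CacheBehaviors is CloudFormation's property name for the additional (non-default) cache behaviors.

```python
import json
from typing import Iterator

# Constructed sample (JSON form of a CloudFormation template), not the page's own:
# two insecure behaviors in one distribution, a compliant distribution, and an
# unrelated resource that the check must skip.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "insecureDistribution": {
        "Type": "AWS::CloudFront::Distribution",
        "Properties": {"DistributionConfig": {
            "Enabled": "true",
            "DefaultCacheBehavior": {"TargetOriginId": "origin1",
                                     "ViewerProtocolPolicy": "allow-all"},
            "CacheBehaviors": [
                {"PathPattern": "/api/*", "TargetOriginId": "origin1",
                 "ViewerProtocolPolicy": "https-only"},
                {"PathPattern": "/static/*", "TargetOriginId": "origin1",
                 "ViewerProtocolPolicy": "allow-all"}]}}},
    "secureDistribution": {
        "Type": "AWS::CloudFront::Distribution",
        "Properties": {"DistributionConfig": {
            "Enabled": "true",
            "DefaultCacheBehavior": {"TargetOriginId": "origin1",
                                     "ViewerProtocolPolicy": "redirect-to-https"}}}},
    "assets": {"Type": "AWS::S3::Bucket"}}})

# Only "allow-all" lets viewers fetch over plain HTTP; "redirect-to-https" and "https-only" enforce TLS.
INSECURE_POLICIES = {"allow-all"}

def cache_behaviors(dist_config: dict) -> Iterator[tuple[str, dict]]:
    """Yield (location, behavior) for the default and each additional cache behavior."""
    default = dist_config.get("DefaultCacheBehavior")
    if isinstance(default, dict):
        yield "DefaultCacheBehavior", default
    for i, behavior in enumerate(dist_config.get("CacheBehaviors") or []):
        if isinstance(behavior, dict):
            yield f"CacheBehaviors[{i}]", behavior

def find_insecure_viewer_policies(template_text: str) -> list[str]:
    """Return 'resource/location' for every cache behavior that permits plain HTTP."""
    template = json.loads(template_text)
    findings = []
    for name, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::CloudFront::Distribution":
            continue  # only CloudFront distributions carry a viewer protocol policy
        config = resource.get("Properties", {}).get("DistributionConfig", {})
        for location, behavior in cache_behaviors(config):
            policy = str(behavior.get("ViewerProtocolPolicy", "")).lower()
            if policy in INSECURE_POLICIES:
                findings.append(f"{name}/{location}")
    return findings
```

Each finding names the resource and the exact cache behavior, so a reviewer can fix the specific entry rather than the whole distribution.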
Vulnerable code example
Resources:
  myDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: 'true'
        DefaultCacheBehavior:
          TargetOriginId: origin1
          ...
✅ Secure code example
Resources:
  myDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: 'true'
        DefaultCacheBehavior:
          TargetOriginId: origin1
          ...

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.