396 – Insecure service configuration - KMS

Description

The automatic key rotation for the KMS service is disabled. By keeping static keys during long periods the chances to compromise a valid key are higher.

Impact

Increase the chance to get valid keys.

Recommendation

Enable the automatic key rotation for all the service keys.

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

60 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: H
• Attack Requirements: N
• Privileges required: N
• User interaction: N
• Confidentiality (VC): L
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: U

Requirements

• 266 - Disable insecure functionalities

Fixes

• Aws
• Cloudformation

Last updated

2024/02/20