AWS Credentials Disclosure

medium Web App Scanning Plugin ID 113164

Synopsis

AWS Credentials Disclosure

Description

Amazon Web Services (AWS) is a public cloud provider offering different hosting services for their customers. Amazon Web Services can be accessed through programmatic calls to their API by authenticating with access keys, which are a combination of both an access key ID and a secret access key. Temporary security credentials, which rely on an additional security token, can also be issued to grant users access to AWS resources for a short period of time.

By using leaked AWS credentials or abusing credentials with misconfigured permissions, an attacker could try to gain access to sensitive information on the AWS account or perform arbitrary modification on the AWS resources.

Solution

Ensure that the detected AWS credentials are expected to be available to users, and that the permissions are defined according to their purpose and to AWS security best practices.

See Also

https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html

https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html

Plugin Details

Severity: Medium

ID: 113164

Type: remote

Published: 3/7/2022

Updated: 4/13/2023

Scan Template: api, basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 2.9

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Medium

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: Tenable

Reference Information