Redshift Using Default Port
- Query id: a478af30-8c3a-404d-aa64-0b673cee509a
- Query name: Redshift Using Default Port
- Platform: CloudFormation
- Severity: Low
- Category: Networking and Firewall
- URL: Github
Description
Redshift should not use the default port (5439), because an attacker can easily guess the port.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
Resources:
  myCluster:
    Type: "AWS::Redshift::Cluster"
    Properties:
      PubliclyAccessible: false
      DBName: "mydb"
      MasterUsername: "master"
      MasterUserPassword:
        Ref: "MasterUserPassword"
      NodeType: "ds2.xlarge"
      ClusterType: "single-node"
      Tags:
        - Key: foo
          Value: bar
  myCluster2:
    Type: "AWS::Redshift::Cluster"
    Properties:
      PubliclyAccessible: false
      DBName: "mydb"
      MasterUsername: "master"
      MasterUserPassword:
        Ref: "MasterUserPassword"
      NodeType: "ds2.xlarge"
      ClusterType: "single-node"
      Tags:
        - Key: foo
          Value: bar
      Port: 5439
Positive test num. 2 - json file
{
  "Resources": {
    "myCluster": {
      "Type": "AWS::Redshift::Cluster",
      "Properties": {
        "NodeType": "ds2.xlarge",
        "ClusterType": "single-node",
        "Tags": [
          {
            "Key": "foo",
            "Value": "bar"
          }
        ],
        "PubliclyAccessible": true,
        "DBName": "mydb",
        "MasterUsername": "master",
        "MasterUserPassword": {
          "Ref": "MasterUserPassword"
        }
      }
    },
    "myCluster2": {
      "Type": "AWS::Redshift::Cluster",
      "Properties": {
        "Tags": [
          {
            "Key": "foo",
            "Value": "bar"
          }
        ],
        "PubliclyAccessible": true,
        "DBName": "mydb",
        "MasterUsername": "master",
        "MasterUserPassword": {
          "Ref": "MasterUserPassword"
        },
        "NodeType": "ds2.xlarge",
        "ClusterType": "single-node",
        "Port": 5439
      }
    }
  }
}
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
Resources:
  myCluster:
    Type: "AWS::Redshift::Cluster"
    Properties:
      PubliclyAccessible: false
      DBName: "mydb"
      MasterUsername: "master"
      MasterUserPassword:
        Ref: "MasterUserPassword"
      NodeType: "ds2.xlarge"
      ClusterType: "single-node"
      Tags:
        - Key: foo
          Value: bar
      Port: 1150
Negative test num. 2 - json file
{
  "Resources": {
    "myCluster": {
      "Type": "AWS::Redshift::Cluster",
      "Properties": {
        "MasterUserPassword": {
          "Ref": "MasterUserPassword"
        },
        "NodeType": "ds2.xlarge",
        "ClusterType": "single-node",
        "Tags": [
          {
            "Value": "bar",
            "Key": "foo"
          }
        ],
        "PubliclyAccessible": false,
        "DBName": "mydb",
        "MasterUsername": "master",
        "Port": "1150"
      }
    }
  }
}
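Added example (not the query's own code): a standalone Python check for the condition described above, run over a JSON CloudFormation template. It treats an omitted Port as 5439, which is why the first cluster in each vulnerable sample counts, accepts the port as a number or a string, and goes beyond the samples by following a Ref to a template parameter's Default. The function names, the DbPort parameter and the sample template are constructed for illustration.

```python
import json
DEFAULT_PORT = 5439  # Redshift's default listener port, per the description above

# Constructed template modelled on the page's samples (trimmed to the relevant keys).
SAMPLE_TEMPLATE = json.loads("""
{
  "Parameters": {"DbPort": {"Type": "Number", "Default": 5439}},
  "Resources": {
    "noPort":      {"Type": "AWS::Redshift::Cluster", "Properties": {"DBName": "mydb"}},
    "explicit":    {"Type": "AWS::Redshift::Cluster", "Properties": {"Port": 5439}},
    "asString":    {"Type": "AWS::Redshift::Cluster", "Properties": {"Port": "5439"}},
    "viaParam":    {"Type": "AWS::Redshift::Cluster", "Properties": {"Port": {"Ref": "DbPort"}}},
    "custom":      {"Type": "AWS::Redshift::Cluster", "Properties": {"Port": "1150"}},
    "notRedshift": {"Type": "AWS::S3::Bucket", "Properties": {}}
  }
}
""")


def resolve_port(value, parameters):
    """Return the effective port as an int, or None if it cannot be determined statically."""
    if value is None:
        return DEFAULT_PORT  # property omitted: the cluster is created on the default port
    if isinstance(value, dict) and "Ref" in value:
        # Assumption of this example: follow a Ref only to a template parameter's Default.
        value = parameters.get(value["Ref"], {}).get("Default")
    try:
        return int(value)  # accepts 5439 and "5439" alike
    except (TypeError, ValueError):
        return None  # missing default or another intrinsic function: not decidable here


def find_default_port_clusters(template):
    """Return sorted logical IDs of Redshift clusters that end up on port 5439."""
    parameters = template.get("Parameters", {})
    findings = []
    for name, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::Redshift::Cluster":
            continue
        port = resolve_port(resource.get("Properties", {}).get("Port"), parameters)
        if port == DEFAULT_PORT:
            findings.append(name)
    return sorted(findings)


if __name__ == "__main__":
    print(find_default_port_clusters(SAMPLE_TEMPLATE))
```

A parameter's Default can be overridden at deploy time, so a finding reached through a Ref reflects the template as written rather than any particular deployed stack.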