User Data Contains Encoded Private Key

  • Query id: 568cc372-ca64-420d-9015-ee347d00d288
  • Query name: User Data Contains Encoded Private Key
  • Platform: CloudFormation
  • Severity: High
  • Category: Encryption
  • CWE: Ongoing
  • URL: Github

Description

User Data should not contain a base64-encoded private key. Base64 is an encoding, not encryption, so anyone who can read the user data can decode the private key trivially.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - json file
{
  "Resources":{
    "myLaunchConfig3":{
      "Type":"AWS::AutoScaling::LaunchConfiguration",
      "Properties":{
        "ImageId":"ami-02354e95b39ca8dec",
        "SecurityGroups":[ { "Ref":"myEC2SecurityGroup" }, "myExistingEC2SecurityGroup" ],
        "InstanceType":"m1.large",
        "KeyName":{
          "Ref":"KeyName"
        },
        "UserData": "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpzb21lS2V5"
      }
    }
  }
}
Positive test num. 2 - yaml file
---
Resources:
  myLaunchConfig4:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      ImageId: "ami-02354e95b39ca8dec"
      SecurityGroups:
        - Ref: "myEC2SecurityGroup"
        - myExistingEC2SecurityGroup
      InstanceType: "m1.large"
      KeyName:
        Ref: "KeyName"
      UserData: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpzb21lS2V5"

Code samples without security vulnerabilities

Negative test num. 1 - json file
{
  "Resources":{
    "myLaunchConfig":{
      "Type":"AWS::AutoScaling::LaunchConfiguration",
      "Properties":{
        "ImageId":"ami-02354e95b39ca8dec",
        "SecurityGroups":[ { "Ref":"myEC2SecurityGroup" }, "myExistingEC2SecurityGroup" ],
        "InstanceType":"m1.large",
        "KeyName":{
          "Ref":"KeyName"
        },
        "UserData": "some-gibberish"
      }
    }
  }
}
Negative test num. 2 - yaml file
---
Resources:
  myLaunchConfig2:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      ImageId: "ami-02354e95b39ca8dec"
      SecurityGroups:
        - Ref: "myEC2SecurityGroup"
        - myExistingEC2SecurityGroup
      InstanceType: "m1.large"
      KeyName:
        Ref: "KeyName"
      UserData: "some-gibberish"
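A small Python check that implements this query's logic over a parsed CloudFormation template, added here as an example (it is not KICS's own Rego query). It base64-decodes the UserData value and looks for a PEM private-key header, and goes slightly beyond the samples above by also handling an {"Fn::Base64": "<literal>"} intrinsic and an unencoded PEM block; the SAMPLE_TEMPLATE is constructed from the page's positive and negative JSON samples.

```python
"""Flag AWS::AutoScaling::LaunchConfiguration UserData that carries a PEM private key (added example)."""
import base64
import binascii
import re

# Matches any PEM private-key header: "-----BEGIN RSA PRIVATE KEY-----", "-----BEGIN PRIVATE KEY-----", ...
PEM_PRIVATE_KEY = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")

def user_data_text(user_data):
    """Return UserData as text, undoing base64 where the value is encoded.

    Handles a raw base64 string (as in the samples above) and an
    {"Fn::Base64": "<literal>"} intrinsic. Other shapes (Ref, Fn::Join) yield None.
    """
    if isinstance(user_data, dict):
        operand = user_data.get("Fn::Base64")
        return operand if isinstance(operand, str) else None
    if not isinstance(user_data, str):
        return None
    try:
        return base64.b64decode(user_data, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return user_data  # not base64 (e.g. "some-gibberish"): inspect it as plain text

def contains_private_key(user_data):
    """True when the (decoded) UserData carries a PEM private-key header."""
    text = user_data_text(user_data)
    return text is not None and PEM_PRIVATE_KEY.search(text) is not None

def find_user_data_private_keys(template):
    """Logical ids of LaunchConfiguration resources whose UserData exposes a private key."""
    return [
        logical_id
        for logical_id, resource in template.get("Resources", {}).items()
        if resource.get("Type") == "AWS::AutoScaling::LaunchConfiguration"
        and contains_private_key(resource.get("Properties", {}).get("UserData"))
    ]

# Constructed template: the page's positive sample (encoded key) beside its negative one.
SAMPLE_TEMPLATE = {"Resources": {
    "myLaunchConfig3": {"Type": "AWS::AutoScaling::LaunchConfiguration",
                        "Properties": {"UserData": "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpzb21lS2V5"}},
    "myLaunchConfig": {"Type": "AWS::AutoScaling::LaunchConfiguration",
                       "Properties": {"UserData": "some-gibberish"}},
}}

if __name__ == "__main__":
    print(find_user_data_private_keys(SAMPLE_TEMPLATE))  # ['myLaunchConfig3']
```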