Redshift Using Default Port

• Query id: e01de151-a7bd-4db4-b49b-3c4775a5e881
• Query name: Redshift Using Default Port
• Platform: Ansible
• Severity: Low
• Category: Networking and Firewall
• CWE: 668
• URL: Github

Description

Redshift should not use the default port (5439) because an attacker can easily guess the port
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

- name: Redshift
  community.aws.redshift:
    command: create
    node_type: ds1.xlarge
    identifier: new_cluster
    username: cluster_admin
    password: 1nsecur3
    port: 5439

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

- name: Redshift2
  community.aws.redshift:
    command: create
    node_type: ds1.xlarge
    identifier: new_cluster
    username: cluster_admin
    password: 1nsecur3
    port: 1150