Redshift Using Default Port

  • Query id: e01de151-a7bd-4db4-b49b-3c4775a5e881
  • Query name: Redshift Using Default Port
  • Platform: Ansible
  • Severity: Low
  • Category: Networking and Firewall
  • CWE: 668
  • URL: Github

Description

Redshift should not use the default port (5439), because an attacker can easily guess it.

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
- name: Redshift
  community.aws.redshift:
    command: create
    node_type: ds1.xlarge
    identifier: new_cluster
    username: cluster_admin
    password: 1nsecur3
    port: 5439

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: Redshift2
  community.aws.redshift:
    command: create
    node_type: ds1.xlarge
    identifier: new_cluster
    username: cluster_admin
    password: 1nsecur3
    port: 1150
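
The check described above, written out as an added example (not the query's own code and not part of the original page). It runs over task lists in the shape a YAML loader returns. Assumptions of this example: the function names, accepting the short module name `redshift`, and reporting a task with no `port` because the cluster then falls back to the 5439 default.

```python
# Added example: a small checker over already-parsed Ansible tasks.
DEFAULT_PORT = 5439
# Module names accepted here; the short name "redshift" is an assumption.
REDSHIFT_MODULES = ("community.aws.redshift", "redshift")


def iter_tasks(tasks):
    """Yield every task, descending into block/rescue/always sections."""
    for task in tasks or []:
        if not isinstance(task, dict):
            continue
        nested = [k for k in ("block", "rescue", "always") if k in task]
        if nested:
            for key in nested:
                yield from iter_tasks(task[key])
        else:
            yield task


def check_redshift_port(tasks):
    """Return (task name, reason) for each cluster creation on port 5439."""
    findings = []
    for task in iter_tasks(tasks):
        args = next((task[m] for m in REDSHIFT_MODULES if m in task), None)
        if not isinstance(args, dict) or args.get("command") != "create":
            continue
        name = task.get("name", "<unnamed>")
        port = args.get("port")
        if port is None:
            # Assumption of this example: no port means AWS picks 5439.
            findings.append((name, "port not set, cluster defaults to 5439"))
        elif str(port).strip() == str(DEFAULT_PORT):
            findings.append((name, "port explicitly set to 5439"))
    return findings


# Constructed sample: the page's two tasks plus two edge cases, in the
# shape a YAML loader would return for a task list.
BASE = {"command": "create", "node_type": "ds1.xlarge",
        "identifier": "new_cluster", "username": "cluster_admin"}
SAMPLE_TASKS = [
    {"name": "Redshift", "community.aws.redshift": {**BASE, "port": 5439}},
    {"name": "Redshift2", "community.aws.redshift": {**BASE, "port": 1150}},
    {"name": "Quoted", "community.aws.redshift": {**BASE, "port": "5439"}},
    {"block": [{"name": "NoPort", "community.aws.redshift": dict(BASE)}]},
]

if __name__ == "__main__":
    for name, reason in check_redshift_port(SAMPLE_TASKS):
        print(f"{name}: {reason}")
```

A templated value such as `"{{ redshift_port }}"` is not resolved by this checker and produces no finding, so variable-driven ports need to be checked where the variable is defined.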