Redshift Using Default Port
- Query id: 41abc6cc-dde1-4217-83d3-fb5f0cc09d8f
- Query name: Redshift Using Default Port
- Platform: Terraform
- Severity: Low
- Category: Networking and Firewall
- CWE: 668
- URL: Github
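Description
Redshift should not use the default port (5439) because an attacker can easily guess it. The check flags a cluster both when `port` is set to 5439 and when `port` is omitted, since the cluster then listens on the default.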
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "aws_redshift_cluster" "positive1" {
  cluster_identifier  = "tf-redshift-cluster"
  database_name       = "mydb"
  master_username     = "foo"
  master_password     = "Mustbe8characters"
  node_type           = "dc1.large"
  cluster_type        = "single-node"
  publicly_accessible = false
  # "port" is omitted, so the cluster uses the default 5439
}
Positive test num. 2 - tf file
resource "aws_redshift_cluster" "positive2" {
  cluster_identifier  = "tf-redshift-cluster"
  database_name       = "mydb"
  master_username     = "foo"
  master_password     = "Mustbe8characters"
  node_type           = "dc1.large"
  cluster_type        = "single-node"
  publicly_accessible = false
  # "port" is set explicitly to the default value
  port                = 5439
}
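A configuration that passes this check, given as an added example that is not part of the KICS samples: the cluster sets `port` explicitly from a variable whose validation rule rejects 5439. The variable names, the resource name `hardened` and the value 5440 are assumptions for illustration; it needs Terraform 0.14 or later.

```hcl
# Added example, not from the KICS test suite. The variable names, the
# resource name "hardened" and the port 5440 are assumptions for illustration.
variable "redshift_port" {
  type        = number
  description = "Listener port for the Redshift cluster."
  default     = 5440

  validation {
    # Reject the well-known default so it cannot be reintroduced via tfvars.
    condition     = var.redshift_port != 5439
    error_message = "The Redshift port must not be the default 5439."
  }
}

variable "redshift_master_password" {
  type      = string
  sensitive = true
}

resource "aws_redshift_cluster" "hardened" {
  cluster_identifier  = "tf-redshift-cluster"
  database_name       = "mydb"
  master_username     = "foo"
  master_password     = var.redshift_master_password
  node_type           = "dc1.large"
  cluster_type        = "single-node"
  publicly_accessible = false

  # Always set explicitly: omitting "port" falls back to 5439.
  port = var.redshift_port
}
```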