Redshift Using Default Port

  • Query id: 41abc6cc-dde1-4217-83d3-fb5f0cc09d8f
  • Query name: Redshift Using Default Port
  • Platform: Terraform
  • Severity: Low
  • Category: Networking and Firewall
  • CWE: 668
  • URL: Github

Description

Redshift should not use the default port (5439) because an attacker can easily guess the port
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "aws_redshift_cluster" "positive1" {
  cluster_identifier    = "tf-redshift-cluster"
  database_name         = "mydb"
  master_username       = "foo"
  master_password       = "Mustbe8characters"
  node_type             = "dc1.large"
  cluster_type          = "single-node"
  publicly_accessible   = false
}
Positive test num. 2 - tf file
resource "aws_redshift_cluster" "positive2" {
  cluster_identifier    = "tf-redshift-cluster"
  database_name         = "mydb"
  master_username       = "foo"
  master_password       = "Mustbe8characters"
  node_type             = "dc1.large"
  cluster_type          = "single-node"
  publicly_accessible   = false
  port                  = 5439
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "aws_redshift_cluster" "negative1" {
  cluster_identifier    = "tf-redshift-cluster"
  database_name         = "mydb"
  master_username       = "foo"
  master_password       = "Mustbe8characters"
  node_type             = "dc1.large"
  cluster_type          = "single-node"
  publicly_accessible   = false
  port                  = 1150
}