ElastiCache Using Default Port

  • Query id: 5d89db57-8b51-4b38-bb76-b9bd42bd40f0
  • Query name: ElastiCache Using Default Port
  • Platform: Terraform
  • Severity: Low
  • Category: Networking and Firewall
  • CWE: 284
  • URL: Github

Description

ElastiCache should not use the default port (an attacker can easily guess the port). For engine set to Redis, the default port is 6379. The Memcached default port is 11211
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "aws_elasticache_cluster" "positive1" {
  cluster_id           = "cluster"
  engine               = "redis"
  node_type            = "cache.m5.large"
  num_cache_nodes      = 1
  parameter_group_name = aws_elasticache_parameter_group.default.id
}
Positive test num. 2 - tf file
resource "aws_elasticache_cluster" "positive2" {
  cluster_id           = "cluster"
  engine               = "memcached"
  node_type            = "cache.m5.large"
  num_cache_nodes      = 1
  parameter_group_name = aws_elasticache_parameter_group.default.id
}
Positive test num. 3 - tf file
resource "aws_elasticache_cluster" "positive3" {
  cluster_id           = "cluster"
  engine               = "redis"
  node_type            = "cache.m5.large"
  num_cache_nodes      = 1
  parameter_group_name = aws_elasticache_parameter_group.default.id
  port                 = 6379
}

Positive test num. 4 - tf file 
resource "aws_elasticache_cluster" "positive2" {
  cluster_id           = "cluster"
  engine               = "memcached"
  node_type            = "cache.m5.large"
  num_cache_nodes      = 1
  parameter_group_name = aws_elasticache_parameter_group.default.id
  port                 = 11211
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "aws_elasticache_cluster" "negative1" {
  cluster_id           = "cluster"
  engine               = "redis"
  node_type            = "cache.m5.large"
  num_cache_nodes      = 1
  parameter_group_name = aws_elasticache_parameter_group.default.id
  port                 = 6380
}
Negative test num. 2 - tf file
resource "aws_elasticache_cluster" "negative2" {
  cluster_id           = "cluster"
  engine               = "memcached"
  node_type            = "cache.m5.large"
  num_cache_nodes      = 1
  parameter_group_name = aws_elasticache_parameter_group.default.id
  port                 = 11212
}