ElastiCache Using Default Port
- Query id: 5d89db57-8b51-4b38-bb76-b9bd42bd40f0
- Query name: ElastiCache Using Default Port
- Platform: Terraform
- Severity: Low
- Category: Networking and Firewall
- CWE: 284
- URL: Github
Description
ElastiCache should not use the default port, because an attacker can easily guess it. When the engine is Redis, the default port is 6379; for Memcached, the default port is 11211.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "aws_elasticache_cluster" "positive1" {
  cluster_id           = "cluster"
  engine               = "redis"
  node_type            = "cache.m5.large"
  num_cache_nodes      = 1
  parameter_group_name = aws_elasticache_parameter_group.default.id
  # No port argument: the cluster uses the Redis default, 6379.
}
Positive test num. 2 - tf file
resource "aws_elasticache_cluster" "positive2" {
  cluster_id           = "cluster"
  engine               = "memcached"
  node_type            = "cache.m5.large"
  num_cache_nodes      = 1
  parameter_group_name = aws_elasticache_parameter_group.default.id
  # No port argument: the cluster uses the Memcached default, 11211.
}
Positive test num. 3 - tf file
resource "aws_elasticache_cluster" "positive3" {
  cluster_id           = "cluster"
  engine               = "redis"
  node_type            = "cache.m5.large"
  num_cache_nodes      = 1
  parameter_group_name = aws_elasticache_parameter_group.default.id
  # Port set explicitly, but to the Redis default.
  port                 = 6379
}
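The three positive tests above show that a cluster is a finding both when port is omitted and when it is set to the engine default. The following check applies the same rule to the JSON produced by terraform show -json; it is an added example, not the query's own code, and the helper names, the sample plan and the two custom-port clusters are constructed for illustration.

```python
# Engine defaults as stated in the description above.
DEFAULT_PORTS = {"redis": 6379, "memcached": 11211}

def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def find_default_port_clusters(plan):
    """Return (address, engine, port) for each cluster left on its default port."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "aws_elasticache_cluster":
            continue
        values = res.get("values") or {}
        engine = str(values.get("engine") or "").lower()
        default = DEFAULT_PORTS.get(engine)  # None: engine unknown or not covered
        port = values.get("port")
        # An omitted port is a finding too: the cluster then gets the engine default.
        if default is not None and (port is None or int(port) == default):
            findings.append((res["address"], engine, default))
    return findings

def _cluster(address, engine, port=None):
    """Build one constructed plan entry; port=None models an omitted argument."""
    values = {"engine": engine, "node_type": "cache.m5.large", "num_cache_nodes": 1}
    if port is not None:
        values["port"] = port
    return {"address": address, "type": "aws_elasticache_cluster", "values": values}

# Constructed sample in the layout of `terraform show -json <planfile>`: the three
# positive tests from this page plus two hypothetical clusters on custom ports.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        _cluster("aws_elasticache_cluster.positive1", "redis"),
        _cluster("aws_elasticache_cluster.positive2", "memcached"),
        _cluster("aws_elasticache_cluster.positive3", "redis", 6379),
        _cluster("aws_elasticache_cluster.custom_redis", "redis", 6380),
    ],
    "child_modules": [{"resources": [
        _cluster("module.cache.aws_elasticache_cluster.custom_mc", "memcached", 11212),
    ]}],
}}}

if __name__ == "__main__":
    for address, engine, port in find_default_port_clusters(SAMPLE_PLAN):
        print(f"{address}: {engine} on default port {port}")
```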