SYM_CONF_0257 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Weak Authentication
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-1390: Weak Authentication |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Low |
Description
The EC2 launch template is configured to allow the older Instance Metadata Service Version 1 (IMDSv1), which lacks strong authentication. This makes it easier for attackers to access sensitive metadata from within the instance.
Impact
If exploited, attackers can retrieve credentials and other metadata from the instance, potentially leading to privilege escalation, data breaches, or compromise of AWS resources. This can result in unauthorized access to critical systems and data.