TF 0261 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Roles should not be assigned to default service accounts
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | iam |
| Provider | |
| Vulnerability Type | misconfiguration |
## Description
Roles are assigned to default service accounts instead of dedicated, purpose-specific accounts. Default service accounts often have broad permissions and are shared among multiple services, increasing the risk of accidental or unauthorized access.
## Impact
If compromised, a default service account with excessive privileges can be exploited to access or control multiple resources across the project, violating the principle of least privilege and increasing the likelihood and impact of privilege escalation or lateral movement within the environment.
## Resolution
Create a dedicated service account for each workload and grant it only the roles that workload needs, rather than binding roles to the shared default service account.
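As an added example (not part of this database entry), assuming the Google Cloud provider and Terraform, the flagged pattern is shown beside the corrected one; the project id, project number, zone and role are placeholders.

```hcl
# Flagged pattern (assumed GCP): a project-wide role is granted to the default
# compute service account, which every VM without its own identity shares.
resource "google_project_iam_member" "default_sa_viewer" {
  project = "my-project"                                                       # placeholder
  role    = "roles/storage.objectViewer"                                       # placeholder
  member  = "serviceAccount:123456789012-compute@developer.gserviceaccount.com" # placeholder project number
}

# Corrected: one dedicated service account for one workload, bound only to the
# role that workload needs, and attached explicitly to the instance using it.
resource "google_service_account" "uploader" {
  account_id   = "uploader-sa"
  display_name = "Uploader workload service account"
}

resource "google_project_iam_member" "uploader_viewer" {
  project = "my-project"                                                       # placeholder
  role    = "roles/storage.objectViewer"                                       # placeholder
  member  = "serviceAccount:${google_service_account.uploader.email}"
}

resource "google_compute_instance" "uploader" {
  name         = "uploader"
  machine_type = "e2-small"
  zone         = "us-central1-a"                                               # placeholder
  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-12"
    }
  }
  network_interface {
    network = "default"
  }
  service_account {
    # The VM now runs as the dedicated account; its IAM role bindings, not the
    # OAuth scopes, decide what it can reach.
    email  = google_service_account.uploader.email
    scopes = ["cloud-platform"]
  }
}
```

Once every workload has its own account, the default service account carries no explicit role bindings and a compromise of one VM no longer exposes permissions granted for another.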