TF 0446 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Ensure all data stored in the launch configuration EBS is securely encrypted
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | ec2 |
| Provider | AWS |
| Vulnerability Type | misconfiguration |
Description
Sensitive information, such as credentials or secrets, is included in EC2 Launch Configuration user data, which is stored in plaintext and accessible to anyone with instance or API access. This exposes confidential data in an insecure manner.
Impact
If exploited, attackers or unauthorized users with access to the instance or AWS APIs can retrieve sensitive data from user data scripts, leading to potential credential theft, unauthorized access to systems, or further compromise of cloud resources.
Resolution
Do not place sensitive data in user data.
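As an added illustration (not part of the Symbiotic-Vulnerability-Database entry or any project code), the following Terraform shows a launch configuration that embeds a credential in `user_data` next to a corrected version that keeps `user_data` free of secrets and lets the instance read the secret at boot through an IAM role. All resource names, the AMI id, the instance type and the secret name `app/db-password` are placeholders chosen for this example.

```terraform
# Added example; resource names, AMI id and secret name are placeholders.

# BEFORE: the database password is written into user_data. Launch
# configuration user data is stored in plaintext, so anyone who can call
# DescribeLaunchConfigurations, or read the instance metadata service
# from inside the instance, can recover it.
resource "aws_launch_configuration" "app_insecure" {
  name_prefix   = "app-"
  image_id      = "ami-0123456789abcdef0" # placeholder
  instance_type = "t3.micro"

  user_data = <<-EOF
    #!/bin/bash
    export DB_PASSWORD="SuperSecret123"   # plaintext secret in user data
    /opt/app/start.sh
  EOF
}

# AFTER: user_data carries no secret. The instance receives an IAM role
# that may read exactly one Secrets Manager secret and fetches it at boot.
resource "aws_launch_configuration" "app" {
  name_prefix          = "app-"
  image_id             = "ami-0123456789abcdef0" # placeholder
  instance_type        = "t3.micro"
  iam_instance_profile = aws_iam_instance_profile.app.name

  # Require IMDSv2 so the role credentials cannot be read with a plain
  # unauthenticated GET against the metadata endpoint.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  user_data = <<-EOF
    #!/bin/bash
    # The AMI is assumed to ship the AWS CLI; the secret never appears
    # in the launch configuration itself.
    export DB_PASSWORD="$(aws secretsmanager get-secret-value \
      --secret-id app/db-password --query SecretString --output text)"
    /opt/app/start.sh
  EOF
}

resource "aws_secretsmanager_secret" "db_password" {
  name = "app/db-password"
}

resource "aws_iam_role" "app" {
  name = "app-instance-role"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "ec2.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

# Least privilege: the role can read this one secret and nothing else.
resource "aws_iam_role_policy" "app_read_secret" {
  name = "read-db-password"
  role = aws_iam_role.app.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = "secretsmanager:GetSecretValue"
      Resource = aws_secretsmanager_secret.db_password.arn
    }]
  })
}

resource "aws_iam_instance_profile" "app" {
  name = "app-instance-profile"
  role = aws_iam_role.app.name
}
```

Two points worth checking when applying this pattern: user data remains readable after the fix, so the goal is that it contains nothing worth reading, not that it is hidden; and launch configurations are immutable, so a credential that was ever shipped in an older configuration stays visible until that configuration is deleted and should be rotated rather than only removed from the Terraform source.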