Weak Encryption Key
The following SSH Keys are defined with low level of encryption. This counfiguration might allow key cracking and compromise.
All articles by The Orca Security Team
KMS encryption key rotation period is bigger than 90 days
Rotating kms keys regularly helps prevent brute-force attacks enabled by cryptanalysis and limits the number of actual messages vulnerable in...
App Service Authentication is off
By Enabling Authentication, every incoming HTTP request passes through it before being handled by the application code. It also handles...
Root User without MFA
The root account is the highest privileged user in the cloud account. Multi-Factor Authentication (MFA) adds another mechanism of authentication...
RDS database instance is using the default master username
An Amazon Relational Database Service (Amazon RDS) DB instance is an isolated database environment running in the cloud. The DB...
GKE using certificate based authentication
A client certificate is a base64-encoded public certificate used by clients to authenticate to the cluster endpoint. Client certificates can...
GKE using Basic Authentication
Basic Authentication allows a user to authenticate to a Kubernetes cluster with a username and static password which is stored...
Key Vault secret without expiration time
Expiration time is not set for {AzureKeyVaultSecret}. It is recommended that secrets be rotated in the key vault and set...
Root User without Hardware MFA
The root user account is the most privileged user in an AWS account. MFA adds an extra layer of protection...
Personalized Demo
See Orca Security in Action
Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.
Chat with Us
See Orca Security in Action
Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.
Chat with an Orca ExpertNo Slack account required.