Lateral movement

EC2 Instance with secrets in UserData Attribute

Platform(s)
Compliance Frameworks

CCPA, CPRA, Data Security Posture Management (DSPM) Best Practices, iso_27001_2022, iso_27002_2022, Mitre ATT&CK, NIST 800-171, NIST 800-53, PDPA, UK Cyber Essentials

Description

Instance metadata can be used to access user data that was specified when launching the instance. For example, a parameter can be specified for configuring the instance, or include a simple script. The user data is not protected by authentication or cryptography, and therefore, anyone with access to the instance can view it. Secrets were found for the instance {AwsEc2Instance} in the user data attribute. A malicious actor may use the secrets to compromise additional assets in the account