Lateral movement

EC2 Instance with secrets in UserData Attribute

Platform(s)
Compliance Frameworks

CCPA, CPRA, Data Security Posture Management (DSPM) Best Practices, iso_27001_2022, iso_27002_2022, Mitre ATT&CK, NIST 800-171, NIST 800-53, PDPA, UK Cyber Essentials

Description

Instance metadata can be used to access user data that was specified when launching the instance. For example, a parameter can be specified for configuring the instance, or include a simple script. The user data is not protected by authentication or cryptography, and therefore, anyone with access to the instance can view it. Secrets were found for the instance {AwsEc2Instance} in the user data attribute. A malicious actor may use the secrets to compromise additional assets in the account
Need help?

Get a free Security Risk Assessment. Start today

A screenshot of the Orca platform dashboard summarizing all of your cloud security risks

Personalized Demo

See Orca Security in Action

Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.

Get a Demo