Lambda function environment variables expose secrets

Lateral movement

Lambda function environment variables expose secrets

Platform(s)

Compliance Frameworks

Brazilian General Data Protection (LGPD)
CCPA
CPRA
Data Security Posture Management (DSPM) Best Practices
GDPR
HITRUST
iso_27001_2022
iso_27002_2022
Mitre ATT&CK
NIST 800-53
Orca Best Practices
PDPA
UK Cyber Essentials

Description

AWS lambda is AWS's serverless solution. Environment variables are key-value pairs of data which are forwarded to the execution environment of a lambda, and help making the behaviour of a generic code that runs in a function more dynamic. We have found that the lambda function exposes sensitive data in the environment variables of the function. If an attacker can list this function (i.e. read its metadata), they may be able to use this information for lateral movement.

Lambda function environment variables expose secrets

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS