Property
Language: hcl
Severity: medium
CWE: CWE-1390: Weak Authentication
OWASP: A07:2021 - Identification and Authentication Failures
Confidence Level: Medium
Impact Level: High
Likelihood Level: Low

Description

The EC2 launch template is configured to allow the older Instance Metadata Service Version 1 (IMDSv1), which lacks strong authentication. This makes it easier for attackers to access sensitive metadata from within the instance.
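The setting this rule concerns, shown beside a corrected launch template, as an added example that is not part of the original rule documentation. The resource names, the AMI ID placeholder and the instance type are assumptions chosen for illustration.

```hcl
# Flagged: session tokens are optional, so the instance still answers
# unauthenticated IMDSv1 requests.
resource "aws_launch_template" "imdsv1_allowed" { # hypothetical name
  name_prefix   = "app-"
  image_id      = "ami-PLACEHOLDER" # placeholder, not a real AMI ID
  instance_type = "t3.micro"        # assumed instance type

  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "optional" # IMDSv1 and IMDSv2 both accepted
  }
}

# Corrected: every metadata request must carry an IMDSv2 session token.
resource "aws_launch_template" "imdsv2_only" { # hypothetical name
  name_prefix   = "app-"
  image_id      = "ami-PLACEHOLDER" # placeholder, not a real AMI ID
  instance_type = "t3.micro"        # assumed instance type

  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required" # IMDSv1 requests are rejected

    # Keep the token response from travelling more than one network hop.
    # Workloads in bridged containers may need 2; raise it only when
    # they genuinely have to reach the metadata service.
    http_put_response_hop_limit = 1
  }
}
```

Setting `http_tokens` explicitly in the template keeps the result independent of AMI or account-level metadata defaults.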

Impact

If exploited, attackers can retrieve credentials and other metadata from the instance, potentially leading to privilege escalation, data breaches, or compromise of AWS resources. This can result in unauthorized access to critical systems and data.