Roles should not be assigned to default service accounts
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | iam |
| Provider | |
| Vulnerability Type | misconfiguration |
Description
Roles are assigned to default service accounts instead of dedicated, purpose-specific accounts. Default service accounts often have broad permissions and are shared among multiple services, increasing the risk of accidental or unauthorized access.
Impact
If compromised, a default service account with excessive privileges can be exploited to access or control multiple resources across the project, violating the principle of least privilege and increasing the likelihood and impact of privilege escalation or lateral movement within the environment.
Resolution
Use dedicated, purpose-specific service accounts, each granted only the roles it needs, instead of binding roles to the default service accounts.
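The check behind this rule, written here as an added example rather than code from the page or the scanner it belongs to: it walks a set of IAM policy bindings and reports every role granted to a default service account. The page does not name the provider, so the example assumes a Google Cloud project, where the default accounts follow the Compute Engine (`PROJECT_NUMBER-compute@developer.gserviceaccount.com`) and App Engine (`PROJECT_ID@appspot.gserviceaccount.com`) naming patterns; the policy bindings are constructed sample data.

```python
import re

# Assumption (the page names no provider): Google Cloud default service
# account naming patterns, as they appear in IAM member strings.
DEFAULT_SA_PATTERNS = [
    # Compute Engine default service account
    re.compile(r"^serviceAccount:\d+-compute@developer\.gserviceaccount\.com$"),
    # App Engine default service account
    re.compile(r"^serviceAccount:[a-z][a-z0-9-]*@appspot\.gserviceaccount\.com$"),
]


def is_default_service_account(member: str) -> bool:
    """True when an IAM member string refers to a provider-created default service account."""
    return any(pattern.match(member) for pattern in DEFAULT_SA_PATTERNS)


def find_default_sa_bindings(bindings):
    """Return (role, member) pairs where a role is bound to a default service account.

    `bindings` uses the IAM policy shape: a list of {"role": ..., "members": [...]}.
    """
    findings = []
    for binding in bindings:
        for member in binding["members"]:
            if is_default_service_account(member):
                findings.append((binding["role"], member))
    return findings


# Constructed sample policy (not real data): two bindings hit the default
# accounts, the third uses a dedicated per-workload account and is fine.
SAMPLE_BINDINGS = [
    {"role": "roles/editor",
     "members": ["serviceAccount:123456789012-compute@developer.gserviceaccount.com"]},
    {"role": "roles/storage.objectViewer",
     "members": ["serviceAccount:my-proj@appspot.gserviceaccount.com",
                 "user:alice@example.com"]},
    {"role": "roles/pubsub.subscriber",
     "members": ["serviceAccount:ingest-worker@my-proj.iam.gserviceaccount.com"]},
]

if __name__ == "__main__":
    for role, member in find_default_sa_bindings(SAMPLE_BINDINGS):
        print(f"{role} is bound to default service account {member}; "
              f"move it to a dedicated account with only that role")
```

Running the block reports the `roles/editor` and `roles/storage.objectViewer` bindings; the dedicated `ingest-worker` account is not flagged.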