🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

VPC Unrestricted Ingress

Not restricting ingress allows connections from the public internet on any port and host, significantly increasing the extent of a compromise.

Remediation

  • Restrict CIDR to known range
  • Restrict port to white listed set of ports.
  • See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule#cidr_block

Metadata

  • Severity: critical
  • Slug: vpc-unrestricted-ingress

CWEs

  • 284: Improper Access Control

OWASP

  • A05:2021: Security Misconfiguration

Available Labs

Open Aws labs in SecDim Play for this vulnerability.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.