Use of Default Credentials (CDK). Severity: High

Using default keys and passwords in product design simplifies manufacturing and deployment, but it creates a security risk when administrators never change them: one publicly known credential then lets an attacker breach many organizations at once.

Detector ID
python/use-of-default-credentials-cdk@v1.0
Category
Common Weakness Enumeration (CWE)

Noncompliant example

from aws_cdk import aws_redshift as redshift
import aws_cdk as cdk


class CdkStarterStack(cdk.Stack):

    def redshift_default_username_noncompliant(self):
        # Noncompliant: Default master username used ('awsuser' is the
        # well-known Redshift default, so it is the first value an attacker tries)
        cfn_cluster = redshift.CfnCluster(self, "MyCfnCluster",
                                          master_username='awsuser',
                                          master_user_password='secret',  # placeholder value in this example
                                          cluster_type='single-node',
                                          db_name='bar',
                                          node_type='ds2.xlarge')

Compliant example

from aws_cdk import aws_redshift as redshift
import aws_cdk as cdk


class CdkStarterStack(cdk.Stack):

    def redshift_default_username_compliant(self):
        # Compliant: Custom username used instead of the Redshift default
        cfn_cluster = redshift.CfnCluster(self, "MyCfnCluster",
                                          master_username='masteruser',
                                          master_user_password='secret',  # placeholder value in this example
                                          cluster_type='single-node',
                                          db_name='bar',
                                          node_type='ds2.xlarge')
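The same rule can be enforced in CI against the CloudFormation template that `cdk synth` emits, without the detector or `aws_cdk` installed. The following is an added example, not the detector's own code: it flags Redshift clusters whose `MasterUsername` is the default `awsuser`, and additionally (an assumption beyond what the detector describes) flags a `MasterUserPassword` that is a plaintext literal rather than a Secrets Manager dynamic reference. The sample template is constructed to mirror the two stacks above.

```python
import json
import re

# Default master usernames per resource type; 'awsuser' is the Redshift default
# that this detector reports.
DEFAULT_USERNAMES = {"AWS::Redshift::Cluster": {"awsuser"}}

# A password that is a CloudFormation dynamic reference into Secrets Manager is
# resolved at deploy time and never stored in the template (added check, not
# part of the detector as described above).
SECRET_REF = re.compile(r"^\{\{resolve:secretsmanager:")


def find_default_credentials(template: dict) -> list:
    """Return (logical_id, finding) pairs for clusters in a synthesized template."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        rtype = res.get("Type")
        if rtype not in DEFAULT_USERNAMES:
            continue
        props = res.get("Properties", {})
        user = props.get("MasterUsername")
        if isinstance(user, str) and user.lower() in DEFAULT_USERNAMES[rtype]:
            findings.append((logical_id, f"default master username '{user}'"))
        pw = props.get("MasterUserPassword")
        if isinstance(pw, str) and not SECRET_REF.match(pw):
            findings.append((logical_id, "plaintext master password in template"))
    return findings


# Constructed sample: a simplified version of what `cdk synth` would emit for the
# noncompliant and compliant stacks shown on this page.
SAMPLE_TEMPLATE = json.loads("""{
  "Resources": {
    "NoncompliantCluster": {"Type": "AWS::Redshift::Cluster",
      "Properties": {"MasterUsername": "awsuser", "MasterUserPassword": "secret",
                     "ClusterType": "single-node", "DBName": "bar", "NodeType": "ds2.xlarge"}},
    "CompliantCluster": {"Type": "AWS::Redshift::Cluster",
      "Properties": {"MasterUsername": "masteruser",
                     "MasterUserPassword": "{{resolve:secretsmanager:redshift/master:SecretString:password}}",
                     "ClusterType": "single-node", "DBName": "bar", "NodeType": "ds2.xlarge"}}
  }
}""")

if __name__ == "__main__":
    for logical_id, msg in find_default_credentials(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {msg}")
```

Only the noncompliant cluster is reported, once for the default username and once for the literal password.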