nuclei-templates/cloud/aws/acm/acm-cert-validation.yaml

57 lines
1.7 KiB
YAML
Raw Normal View History

id: acm-cert-validation
info:
name: ACM Certificate Validation Check
author: princechaddha
severity: medium
description: |
Ensure ACM SSL/TLS certificates are properly validated during issue or renewal, indicating secure communication channels.
impact: |
Lack of validation may allow unauthorized certificates, leading to potential man-in-the-middle attacks or data breaches.
remediation: |
Use AWS ACM for certificate provisioning and ensure domain validation steps are correctly followed for each certificate issued or renewed.
reference:
- https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,acm,aws-cloud-config
variables:
region: "us-east-1"
flow: |
code(1)
for(let arns of iterate(template.certificatearns)){
set("certificatearn", arns)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws acm list-certificates --region $region --output json
extractors:
- type: json
name: certificatearns
internal: true
json:
- '.CertificateSummaryList[] | .CertificateArn'
- engine:
- sh
- bash
source: |
aws acm describe-certificate --region $region --certificate-arn $certificatearn --query 'Certificate.Status'
matchers:
- type: word
words:
- "PENDING_VALIDATION"
extractors:
- type: dsl
dsl:
- '"The issue/renewal request for " + certificatearn + " SSL/TLS certificate was not validated"'
# digest: 4a0a0047304502210092b18eb3a24d6dea12fc385763c84745bf8201424ef620661e9c9fbb1b3b513a02201dc10c6f007cea631d51e81c2b6c883bf6c530a4de13398dea1c605b4a925714:922c64590222798bb761d5b6d8e72950