Security Test: AWS access token exposed¶
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | Frontend Scanner |
|---|---|---|
Description¶
Default Severity:
AWS access tokens (including access keys, secret keys, and session tokens) should never be exposed in API responses, logs, or client-side code. These credentials provide direct access to AWS services and resources, and their exposure can lead to unauthorized access, data breaches, and significant financial impact from resource abuse.
Configuration¶
Identifier:
information_disclosure/aws_access_token
Examples¶
All configuration available:
Compliance and Standards¶
| Standard | Value |
|---|---|
| OWASP API Top 10 | API2:2023 |
| OWASP LLM Top 10 | LLM06:2023 |
| PCI DSS | 6.5.3 |
| GDPR | Article-32 |
| SOC2 | CC1 |
| PSD2 | Article-95 |
| ISO 27001 | A.18.1 |
| NIST | SP800-53 |
| FedRAMP | AC-4 |
| CWE | 200 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C |
| CVSS Score | 7.2 |