AWS Credential Report detail view incorrectly flags disabled credentials
rieck-srlabs opened this issue
Jakob Rieck commented
Describe the bug
AWS's credential report rule ("Credentials Unused for 90 Days or Greater Are Not Disabled") correctly flags users that have credentials which have been unused for at least 90 days and which are enabled.
However, the detail overview highlights not just the affected credentials in red, but all credentials, even disabled ones or credentials that are newer than 90 days:
In the screenshot above:
- Password is highlighted despite being disabled
- Access Key 2 is highlighted despite not being active
- (Active access keys that have recently been used are also highlighted in red, as long as there is another access key that has not been used recently. Note that this problem is not highlighted in the screenshot above)
To Reproduce
Run ScoutSuite with no parameter against an account that has a user with an access key that has not been used for at least 90 days:
$ scout aws
Additional context
n/a
Jakob Rieck commented
Closing issue, as the fix was merged and is included in the latest release.