AWS KMS key modified to allow public access
Description
AlphaSOC detected that the key policy of an AWS KMS (Key Management Service) key was modified to allow public access, either through the PutKeyPolicy action or through a CreateKey call that supplied such a policy. A key policy with an Allow statement for a wildcard Principal ("*" or {"AWS": "*"}) and no restricting Condition makes the key usable by any AWS principal, including accounts you do not control, and so compromises the confidentiality and integrity of every piece of data encrypted or signed with that key.
Impact
A publicly accessible AWS KMS key can be used from any AWS account to decrypt data encrypted under the key, to forge signatures with an asymmetric signing key, or to perform other cryptographic operations the policy grants. Note that KMS never returns the key material itself; the attacker still needs the ciphertext (for example, from a misconfigured S3 bucket or a shared snapshot), but once they have it the key no longer protects it. This exposure can lead to data breaches, access to protected resources, and compliance violations, compromising the overall security posture of the AWS environment.
Severity
| Severity | Condition |
|---|---|
| Medium | AWS KMS key modified to allow public access |
Investigation and Remediation
Search AWS CloudTrail for PutKeyPolicy and CreateKey events from kms.amazonaws.com on the affected key to identify the user or role responsible (userIdentity), its source IP, and the policy document that was applied, and determine whether the change was authorized. If it was not, restore a restrictive key policy with PutKeyPolicy: remove Allow statements with a wildcard Principal, or scope them with a Condition such as aws:PrincipalOrgID. Then review KMS usage events on the key (Decrypt, Sign, GenerateDataKey, and similar) during the exposure window for calls from unknown accounts, treat any data decrypted by an unknown party as disclosed, and rotate the credentials of the principal that made the change if they may have been compromised.
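The check below is an added example, not AlphaSOC's detection logic or code from this page. It runs the policy test described in the Description and the CloudTrail review described above over constructed sample records: it flags PutKeyPolicy and CreateKey events whose policy contains an unconditional Allow for a wildcard Principal, and produces a remediated policy with those statements removed. The account ID, key ID, organization ID, and user names are placeholders, and the record layout follows the CloudTrail format in which the policy is stored as a JSON string under requestParameters.

```python
import json

# Constructed sample key policies (placeholder account and org IDs).
PUBLIC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "EnableRootAccess", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": "kms:*", "Resource": "*"},
        # Unconditional wildcard principal: any AWS account may Decrypt/Sign.
        {"Sid": "PublicUse", "Effect": "Allow", "Principal": "*",
         "Action": ["kms:Decrypt", "kms:Sign"], "Resource": "*"},
    ],
}

RESTRICTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "EnableRootAccess", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": "kms:*", "Resource": "*"},
        # Wildcard principal, but scoped to one organization by a Condition.
        {"Sid": "OrgScoped", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "kms:Decrypt", "Resource": "*",
         "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
    ],
}

# Constructed CloudTrail records; only the fields the scan needs are present.
SAMPLE_RECORDS = [
    {"eventSource": "kms.amazonaws.com", "eventName": "PutKeyPolicy",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "sourceIPAddress": "203.0.113.10",
     "requestParameters": {"keyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
                           "policyName": "default",
                           "policy": json.dumps(PUBLIC_POLICY)}},
    {"eventSource": "kms.amazonaws.com", "eventName": "CreateKey",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/deployer"},
     "sourceIPAddress": "203.0.113.11",
     "requestParameters": {"policy": json.dumps(RESTRICTED_POLICY)},
     "responseElements": {"keyMetadata": {"keyId": "abcd1234-ab12-cd34-ef56-abcdef123456"}}},
    {"eventSource": "kms.amazonaws.com", "eventName": "Decrypt",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "sourceIPAddress": "203.0.113.10",
     "requestParameters": {"keyId": "1234abcd-12ab-34cd-56ef-1234567890ab"}},
]


def _principals(principal):
    """Flatten a Principal element ("*", {"AWS": "..."} or lists) to strings."""
    if isinstance(principal, str):
        return [principal]
    out = []
    for value in principal.values():
        out.extend([value] if isinstance(value, str) else value)
    return out


def public_statements(policy):
    """Return the Sids (or Statement[i]) of Allow statements that grant access
    to a wildcard principal with no Condition, i.e. to any AWS account."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in _principals(stmt.get("Principal", {})):
            continue
        if stmt.get("Condition"):
            continue  # scoped by a Condition; worth a manual look, not public
        findings.append(stmt.get("Sid", f"Statement[{i}]"))
    return findings


def scan_cloudtrail(records):
    """Flag PutKeyPolicy/CreateKey events that applied a public key policy."""
    alerts = []
    for rec in records:
        if rec.get("eventSource") != "kms.amazonaws.com":
            continue
        if rec.get("eventName") not in ("PutKeyPolicy", "CreateKey"):
            continue
        raw = rec.get("requestParameters", {}).get("policy")
        if not raw:
            continue  # CreateKey without a policy gets the default key policy
        sids = public_statements(json.loads(raw))
        if sids:
            key_id = (rec["requestParameters"].get("keyId")
                      or rec.get("responseElements", {})
                             .get("keyMetadata", {}).get("keyId"))
            alerts.append({"eventName": rec["eventName"], "keyId": key_id,
                           "actor": rec["userIdentity"]["arn"],
                           "sourceIP": rec.get("sourceIPAddress"),
                           "statements": sids})
    return alerts


def remove_public_statements(policy):
    """Return a copy of the policy with the public Allow statements dropped;
    the result is what you would apply with PutKeyPolicy to revoke access."""
    bad = set(public_statements(policy))
    kept = [s for i, s in enumerate(policy["Statement"])
            if s.get("Sid", f"Statement[{i}]") not in bad]
    return {**policy, "Statement": kept}


if __name__ == "__main__":
    for alert in scan_cloudtrail(SAMPLE_RECORDS):
        print(json.dumps(alert))
    print(json.dumps(remove_public_statements(PUBLIC_POLICY), indent=2))
```

Statements that keep a wildcard principal but carry a Condition (the OrgScoped statement above) are deliberately not flagged, since a condition such as aws:PrincipalOrgID is the normal way to share a key across an organization; they still deserve a manual read, because a weak condition can be nearly as permissive.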