AWS CloudFront distribution configured with insecure SSL protocol policy
Description
AlphaSOC detected that an Amazon CloudFront distribution was configured with an insecure Secure Sockets Layer (SSL) protocol policy. CloudFront is a content delivery network (CDN) service that distributes static and dynamic web content to users through a global network of edge locations. This finding indicates that the distribution's SSL/TLS security policy allows TLS 1.1 or older protocols, exposing viewer connections to known cryptographic weaknesses in those protocol versions.
Impact
Threat actors can exploit weak TLS configurations to decrypt traffic between CloudFront edge locations and end users. This can result in unauthorized access to delivered content, man-in-the-middle attacks, and compromise of data in transit.
Severity
| Severity | Condition |
|---|---|
| Low | AWS CloudFront distribution created or modified with an insecure SSL protocol policy |
Investigation and Remediation
Review the CloudFront distribution settings in the AWS Console to identify distributions that use deprecated SSL policies. Update the security policy to require TLS 1.2 or later and drop support for weak cipher suites. Test the distribution with the updated configuration and monitor for client compatibility issues.
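The check and fix described above, as an added example that is not AlphaSOC's or AWS's own code: it audits the `ViewerCertificate` block of a `DistributionConfig` document (the shape returned by `aws cloudfront get-distribution-config`) against CloudFront's `MinimumProtocolVersion` security policy names and produces a hardened copy. The certificate ARN in the sample config is a constructed placeholder.

```python
import copy

# CloudFront viewer security policies that still negotiate TLS 1.1 or older.
WEAK_POLICIES = {"SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016"}
# Policies that require TLS 1.2 or later (the remediation target).
STRONG_POLICIES = {"TLSv1.2_2018", "TLSv1.2_2019", "TLSv1.2_2021"}


def audit_viewer_tls(config: dict) -> dict:
    """Classify the viewer-facing TLS policy of a DistributionConfig document."""
    cert = config.get("ViewerCertificate", {})
    if cert.get("CloudFrontDefaultCertificate"):
        # With the default *.cloudfront.net certificate CloudFront applies the
        # TLSv1 security policy regardless of MinimumProtocolVersion.
        return {"weak": True, "policy": "TLSv1",
                "reason": "default CloudFront certificate pins the policy to TLSv1"}
    policy = cert.get("MinimumProtocolVersion", "")
    if policy in STRONG_POLICIES:
        return {"weak": False, "policy": policy, "reason": "requires TLS 1.2 or later"}
    if policy in WEAK_POLICIES:
        return {"weak": True, "policy": policy, "reason": "allows TLS 1.1 or older"}
    return {"weak": True, "policy": policy or "(unset)",
            "reason": "unrecognised policy, review manually"}


def harden_viewer_tls(config: dict, target: str = "TLSv1.2_2021") -> dict:
    """Return a copy of `config` with the viewer policy raised to `target`.

    Submit the result with `aws cloudfront update-distribution`, passing the
    ETag from get-distribution-config as --if-match.
    """
    if target not in STRONG_POLICIES:
        raise ValueError(f"{target} is not a TLS 1.2+ security policy")
    fixed = copy.deepcopy(config)
    cert = fixed.setdefault("ViewerCertificate", {})
    if cert.get("CloudFrontDefaultCertificate"):
        # A TLS 1.2 policy needs a custom (ACM or IAM) certificate on the distribution.
        raise ValueError("attach a custom certificate before raising the policy")
    cert["MinimumProtocolVersion"] = target
    return fixed


# Constructed sample: ACM certificate with a policy that still allows TLS 1.0/1.1.
WEAK_CONFIG = {
    "ViewerCertificate": {
        "ACMCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/PLACEHOLDER",
        "SSLSupportMethod": "sni-only",
        "MinimumProtocolVersion": "TLSv1_2016",
    }
}

if __name__ == "__main__":
    print(audit_viewer_tls(WEAK_CONFIG))
    print(audit_viewer_tls(harden_viewer_tls(WEAK_CONFIG)))
```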