AWS IAM
      Back to home
      1. Knowledge Base
      2. AWS Knowledge Base
      3. AWS IAM

      Root Account With Active Signing Certificates

      Risk Level: Medium

      Description: 

      This plugin guarantees that the root user does not have any x509 signing certificates installed. For API access, AWS allows the use of x509 signing certificates, however, they should not be tied to the root user, who has complete access to the account.

      PingSafe strongly recommends deleting the x509 certificates associated with the root account.

      Note:

      AWS updates the Credential Report every 4 hours, it'll get updated soon please check back later. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html

      About the Service :

      AWS ID and Access Management (IAM) allows you to securely manage access to AWS services and resources. With IAM, AWS users and groups can be established and managed and permissions used to enable access by AWS resources and prohibit them.

      We can discover and adjust the rules so that only the services are accessible. We can thus adhere better to the less privileged principle.

      Impact : 

      When you disable X.509 signing certificates produced for your AWS root account, you reduce the danger of unauthorized access to certain AWS services and resources if the private certificate keys are stolen or disclosed mistakenly.

      Steps to reproduce :

      1. Sign-in to AWS management console.
        https://ap-south-1.console.aws.amazon.com/console/ 
      2. Click on the Account Name and select My Security Credentials.
      3. Check the X.509 certificate column. If the Status column of the certificate is set to Active that means that there are active X.509 certificates and the root account does not follow the best security practices.
      4. Repeat the steps for each Amazon Web Services root account that you want to examine for active X.509 certificates.

      Steps for remediation :

      1. Sign-in to AWS management console.
        https://ap-south-1.console.aws.amazon.com/console/ 
      2. Click on the Account Name and select My Security Credentials.
      3. Check the X.509 certificate column. If the Status column of the certificate is set to Active that means that there are active X.509 certificates and the root account does not follow the best security practices.
      4. Click on Make Inactive button that is present in the Actions column to make the certificate inactive.
      5. Repeat the steps for each Amazon Web Services root account that you want to examine for active X.509 certificates.

       

      References: