Findings
Generator
Configuration
Lucidum Reverse
Architecture
Statistics
← All Findings
Vendor:
Wiz
FIN-732
Weight:
5
4
3
2
1
Confidence:
High
Medium
Low
Not Verified
What It Detects
A Wiz-monitored compute instance is using Instance Metadata Service version 1 (IMDSv1) instead of the more secure IMDSv2. IMDSv1 is vulnerable to Server-Side Request Forgery (SSRF) attacks, which allow attackers to retrieve IAM credentials, instance identity tokens, and other sensitive metadata from the instance metadata endpoint (169.254.169.254).
MITRE ATT&CK Techniques
Comma-separated, e.g. T1078, T1190
Checks
read-only
Field
Operator
Value
Connectors
match
Wiz
Extra Data
and
[{'key': 'Key', 'value': 'wiz.use_instance_metadata_v2', 'operator': 'match'}, {'key': 'Value', 'value': 0, 'operator': 'match'}]
Remediation
×
×
×
×
+ Add item
Why It Matters
×
×
×
+ Add item
Save Changes
Export Lucidum