AWS AWSCloudFormation medium security documentation change
Summary
Added SHA_1 as allowed value for key usage
Security assessment
SHA-1 is a cryptographically weak hash algorithm. Adding it as allowed value could indicate support for legacy insecure configurations, though no direct vulnerability is mentioned.
Diff
diff --git a/AWSCloudFormation/latest/UserGuide/aws-resource-paymentcryptography-key.md b/AWSCloudFormation/latest/UserGuide/aws-resource-paymentcryptography-key.md index d179dbfb5..97305f1c4 100644 --- a//AWSCloudFormation/latest/UserGuide/aws-resource-paymentcryptography-key.md +++ b//AWSCloudFormation/latest/UserGuide/aws-resource-paymentcryptography-key.md @@ -126 +126 @@ _Required_ : No - _Allowed values_ : `CMAC | ANSI_X9_24 | HMAC` + _Allowed values_ : `CMAC | ANSI_X9_24 | HMAC | SHA_1`