AWS Security ChangesHomeSearch

AWS AWSCloudFormation medium security documentation change

Service: AWSCloudFormation · 2025-05-28 · Security-related medium

File: AWSCloudFormation/latest/UserGuide/aws-resource-paymentcryptography-key.md

Summary

Added SHA_1 as allowed value for key usage

Security assessment

SHA-1 is a cryptographically weak hash algorithm. Adding it as allowed value could indicate support for legacy insecure configurations, though no direct vulnerability is mentioned.

Diff

diff --git a/AWSCloudFormation/latest/UserGuide/aws-resource-paymentcryptography-key.md b/AWSCloudFormation/latest/UserGuide/aws-resource-paymentcryptography-key.md
index d179dbfb5..97305f1c4 100644
--- a//AWSCloudFormation/latest/UserGuide/aws-resource-paymentcryptography-key.md
+++ b//AWSCloudFormation/latest/UserGuide/aws-resource-paymentcryptography-key.md
@@ -126 +126 @@ _Required_ : No
- _Allowed values_ : `CMAC | ANSI_X9_24 | HMAC`
+ _Allowed values_ : `CMAC | ANSI_X9_24 | HMAC | SHA_1`