Amazon Web Services

Amazon Web Services

A vulnerability in Amazon Web Services' Application Load Balancer was discovered by security firm Miggo, which could potentially allow an attacker to bypass access controls and compromise web applications. This vulnerability was not due to a software flaw but stemmed from customers' configuration of the service, particularly the setup of authentication. Researchers identified over 15,000 web applications with potentially vulnerable configurations, though AWS disputes the figure and has contacted customers to recommend more secure setups. Exploiting this vulnerability would involve token forgery by the attacker to obtain unauthorized access to applications, escalating privileges within the system.

Source: https://www.wired.com/story/aws-application-load-balancer-implementation-compromise/

"id": "ama000082124",
"linkid": "amazon-web-services",
"type": "Vulnerability",
"date": "8/2024",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.