April 25, 2023, midnight

The Open Cloud Vulnerability & Security Issue Database www.cloudvulndb.org

An AWS-recommended IAM policy that enforced MFA on access keys could have been bypassed
due to a change implemented by AWS in November 2022 that allowed IAM users to assign
multiple MFA devices to their account. Prior to this change, an attacker with compromised
credentials could not create and assign a new MFA device to bypass the MFA requirement, because they
would first have needed to deactivate the user's existing MFA device. Organisations using SSO which
enforces MFA, either via …
