all InfoSec news
AWS Console rate limit bypass
Feb. 6, 2023, midnight |
The Open Cloud Vulnerability & Security Issue Database www.cloudvulndb.org
in an effort to prevent brute-force and credential stuffing attacks. However,
a weakness was discovered in the AWS Console authentication flow that allowed
a partial bypass of this rate limit by pausing for 5 seconds every 30 attempts.
This would enable an attacker to continuously attempt more than 280 passwords
per minute (4.6 per second) against IAM users, which could have resulted in
account compromise of users …
attacks authentication aws brute brute-force bypass console credential credential stuffing credential stuffing attacks enable flow iam partial passwords rate rate limit requests weakness
More from www.cloudvulndb.org / The Open Cloud Vulnerability & Security Issue Database
GraphNinja
2 weeks, 4 days ago |
www.cloudvulndb.org
Azure HDInsight privilege escalation and DoS vulnerabilities
3 months, 1 week ago |
www.cloudvulndb.org
Azure Pipelines Agent poisoned pipeline execution
4 months, 3 weeks ago |
www.cloudvulndb.org
Jobs in InfoSec / Cybersecurity
Information Security Engineers
@ D. E. Shaw Research | New York City
Technology Security Analyst
@ Halton Region | Oakville, Ontario, Canada
Senior Cyber Security Analyst
@ Valley Water | San Jose, CA
Senior Product Delivery Associate - Cybersecurity | CyberOps
@ JPMorgan Chase & Co. | NY, United States
Security Ops Infrastructure Engineer (Remote US):
@ RingCentral | Remote, USA
SOC Analyst-1
@ NTT DATA | Bengaluru, India