all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Issue With IAM Supporting Multiple MFA Devices

Add to bookmarks
April 25, 2023, 2:03 p.m. | aws@amazon.com

Latest Bulletins aws.amazon.com

Initial Publication Date: 04/25/2023 10:00AM EST


A security researcher recently reported an issue with AWS’s recently-released (November 16th, 2022) support for multiple multi-factor authentication (MFA) devices for IAM user principals. The reported issue could have potentially arisen only when the following three conditions were met: (1) An IAM user had possession of long-term access key (AK)/secret key (SK) credentials, (2) that IAM user had the privilege to add an MFA to their own identity without using an MFA, and (3) …

access authentication aws beyond conditions console credentials devices factor iam identity issue key mfa multi-factor multi-factor authentication november own privilege privileges researcher secret secret key security security researcher sign support

Visit resource

More from aws.amazon.com / Latest Bulletins

AWS Response to March 2024 CSRB report 1 week, 6 days ago | aws.amazon.com
action aware aws benefits +16
CVE-2024-28056 2 weeks, 3 days ago | aws.amazon.com
address amplify aware aws +11
CVE-2024-3094 1 month ago | aws.amazon.com
action amazon aware aws +14
CVE-2024-21626 - Runc container issue 3 months ago | aws.amazon.com
action address amazon aware +14
CVE-2023-23583 5 months, 2 weeks ago | aws.amazon.com
aware aws cve ec2 +10
CVE-2023-5528 5 months, 2 weeks ago | aws.amazon.com
amazon amazon eks ami aware +18
CVE-2023-44487 - HTTP/2 Rapid Reset Attack 6 months, 3 weeks ago | aws.amazon.com
2 rapid reset address attack aware +16
Issue with Amazon WorkSpaces Windows Client Version 5.9 and 5.10 6 months, 3 weeks ago | aws.amazon.com
amazon aws characters client +12
Reported TorchServe Issue (CVE-2023-43654) 7 months ago | aws.amazon.com
aware aws containers customers +10

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Cloud Security Analyst

@ Cloud Peritus | Bengaluru, India
View on infosec-jobs.com

Cyber Program Manager - CISO- United States – Remote

@ Stanley Black & Decker | Towson MD USA - 701 E Joppa Rd Bg 700
View on infosec-jobs.com

Network Security Engineer (AEGIS)

@ Peraton | Virginia Beach, VA, United States
View on infosec-jobs.com

SC2022-002065 Cyber Security Incident Responder (NS) - MON 13 May

@ EMW, Inc. | Mons, Wallonia, Belgium
View on infosec-jobs.com

Information Systems Security Engineer

@ Booz Allen Hamilton | USA, GA, Warner Robins (300 Park Pl Dr)
View on infosec-jobs.com
View more jobs