all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

No keys attached: Exploring GitHub-to-AWS keyless authentication flaws

Add to bookmarks
July 27, 2023, midnight |

Datadog Security Labs securitylabs.datadoghq.com

In this post, we discuss the GitHub-to-AWS keyless authentication flow using OpenID Connect (OIDC). We also demonstrate that a number of AWS identity and access management (IAM) roles in the wild were misconfigured, allowing untrusted GitHub Actions to assume them and retrieve AWS credentials. Finally, we discuss a specific misconfiguration we identified in the AWS environment of a UK government entity.


GitHub-to-AWS keyless authentication


Previous research has shown that long-lived, static credentials such as IAM user access keys are …

access access management actions authentication aws aws credentials aws identity connect credentials discuss flaws flow github github actions iam identity identity and access identity and access management keyless keys management misconfiguration openid openid connect roles untrusted

Visit resource

More from securitylabs.datadoghq.com / Datadog Security Labs

Amplified exposure: How AWS flaws made Amplify IAM roles vulnerable to takeover 2 weeks, 1 day ago | securitylabs.datadoghq.com
amplify aws disclosure exposed +11
The XZ Utils backdoor (CVE-2024-3094): Everything you need to know, and more 3 weeks, 6 days ago | securitylabs.datadoghq.com
ages backdoor backdoors cve +9
A threat-informed roadmap for securing Kubernetes clusters (KubeCon EU 2024) 1 month, 1 week ago | securitylabs.datadoghq.com
attacks clusters controls kubecon +8
Tales from the cloud trenches: Using malicious AWS activity to spot phishing campaigns 1 month, 2 weeks ago | securitylabs.datadoghq.com
aws campaign campaigns cloud +5
Kubernetes security fundamentals: Authentication 2 months, 2 weeks ago | securitylabs.datadoghq.com
authentication fundamentals kubernetes kubernetes security +1
An analysis of a TeamTNT doppelgänger 2 months, 4 weeks ago | securitylabs.datadoghq.com
analysis api api endpoints backdoors +7
Tales from the cloud trenches: Amazon ECS is the new EC2 for crypto mining 3 months, 1 week ago | securitylabs.datadoghq.com
amazon amazon ecs attacks aws +11
From IRC to Instant Messaging: The Rise of Malware Communication via Chat Platforms 3 months, 2 weeks ago | securitylabs.datadoghq.com
chat communication datadog instant messaging +9
Highlights from Datadog Security Labs in 2023 3 months, 3 weeks ago | securitylabs.datadoghq.com
datadog labs security

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineer - Vulnerability Management

@ Starling Bank | Southampton, England, United Kingdom
View on infosec-jobs.com

Manager Cybersecurity

@ Sia Partners | Rotterdam, Netherlands
View on infosec-jobs.com

Compliance Analyst

@ SiteMinder | Manila
View on infosec-jobs.com

Information System Security Engineer (ISSE)-Level 3, OS&CI Job #447

@ Allen Integrated Solutions | Chantilly, Virginia, United States
View on infosec-jobs.com

Enterprise Cyber Security Analyst – Advisory and Consulting

@ Ford Motor Company | Mexico City, MEX, Mexico
View on infosec-jobs.com
View more jobs