As many as 15,000 applications using Amazon Web Services' (AWS) Application Load Balancer (ALB) for authentication are potentially susceptible to a configuration-based issue that could expose them to sidestep access controls and compromise applications. That's according to findings from Israeli cybersecurity company Miggo, which dubbed the problem ALBeast. "This vulnerability allows attackers to directly access affected applications, particularly if they are exposed to the internet," security researcher Liad Eliyahu said. ALB is an Amazon service designed to route HTTP and HTTPS traffic to target applications based on the nature of the requests. It also allows users to "offload the authentication functionality" from their apps into the ALB. "Application Load Balancer will securely authenticate users as they access cloud applications," Amazon notes on its website. "Application Load Balancer is seamlessly integrated with Amazon Cognito, which allows end users to authenticate through social identity providers such as Google, Facebook, and Amazon, and through enterprise identity providers such as Microsoft Active Directory via SAML or any OpenID Connect-compliant identity provider (IdP)." The attack, at its core, involves a threat actor creating their own ALB instance with authentication configured in their account. In the next step, the ALB is used to sign a token under their control and modify the ALB configuration by forging an authentic ALB-signed token with the identity…Read More