The vulnerability found in the Datazone service allows an adversary to enumerate permissions of compromised credentials without logging to CloudTrail. Forty-four non-production endpoints were identified that can be accessed using standard IAM credentials and do not generate CloudTrail logs. This vulnerability was reported to AWS as a security issue, as it enables silent permission…Read More
AWS VDP: Non-Production API Endpoints for the Datazone Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration
