AWS VDP: Non-Production API Endpoints for the Datazone Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration
Description

The vulnerability found in the Datazone service allows an adversary to enumerate the permissions of compromised credentials without any record being written to CloudTrail. Forty-four non-production endpoints were identified that can be called with standard IAM credentials and do not generate CloudTrail events. The issue was reported to AWS as a security vulnerability, since it enables silent permission…