Artificial Intelligence | News | Insights | AiThority

Lightspin Security Research Team Reveals AWS Identity and Access Management Vulnerable to Abuse

AWS authorization bypass enables attacker to change login information and take over accounts undetected

Lightspin, a pioneer in contextual cloud security protecting native, Kubernetes, and microservices from known and unknown risks, announced the results of its research, which discovered a gap between AWS Identity and Access Management (IAM) user and group policies that an attacker can abuse to take over accounts, delete group members, steal data and shut down services. The research team was able to compromise dozens of accounts by using this technique.

“Initially, we believed this vulnerability was an isolated case,” said Vladi Sandler, CEO at Lightspin. “However, upon further investigation, we found that in many cases, users could perform actions that system administrators believed were denied when they configured group security configurations. This makes users’ accounts that are believed to be safe easy to infiltrate.”


Lightspin researchers discovered that many security administrators were unaware that AWS IAM rules do not work the same way as Azure Active Directory or other authorization mechanisms.


When defining Azure Active Directory policies, if a group is denied read access to a file, no member of that group can access it. IAM, however, handles group and user authorizations separately: even if a group policy carries an explicit deny, that deny only restricts actions on the group itself, not actions on the individual user accounts. Amazon does not warn system administrators that users’ accounts can still be accessed even when their group is protected.


Based on Lightspin’s research, more than half of the companies they work with have unintentionally loose permissions for their users because of this authorization bypass, putting them at risk. There are two ways to ensure that users cannot perform actions that a group-level deny was intended to block:

  • Each user can be listed separately while setting deny rules.
  • Each user can be tagged to be included in a group.

Both procedures can be cumbersome and difficult to maintain but are the best way to prevent intruders from changing login information and taking over accounts.
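As an added illustration (not part of the article or Lightspin's own tooling), the audit helper below reads an IAM policy document and flags Deny statements whose resources name only IAM group ARNs and no user ARN, which is my reading of the gap described above. The sample policies, account ID and user names are constructed; the hardened policy shows both options from the article, a per-user resource list and a tag-scoped deny, where the use of the `aws:ResourceTag` condition key for user tags is an assumption to verify against current AWS documentation.

```python
import re

# Constructed sample account ID and policies; not taken from the article.
ACCOUNT = "123456789012"

# Weak form: the deny is scoped to the group object only, so it does nothing
# for login-profile or access-key actions performed against the member users.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Deny",
        "Action": ["iam:CreateLoginProfile", "iam:UpdateLoginProfile", "iam:CreateAccessKey"],
        "Resource": f"arn:aws:iam::{ACCOUNT}:group/developers",
    }],
}

# Hardened form, option 1: every user ARN is listed in the deny.
# Hardened form, option 2: deny on all users, narrowed by a user tag
# (assumes the aws:ResourceTag condition key applies to IAM users).
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Deny", "Action": "iam:*",
         "Resource": [f"arn:aws:iam::{ACCOUNT}:user/alice",
                      f"arn:aws:iam::{ACCOUNT}:user/bob"]},
        {"Effect": "Deny", "Action": "iam:*",
         "Resource": f"arn:aws:iam::{ACCOUNT}:user/*",
         "Condition": {"StringEquals": {"aws:ResourceTag/team": "developers"}}},
    ],
}

GROUP_ARN = re.compile(r"^arn:aws:iam::[0-9*]*:group/")
USER_ARN = re.compile(r"^arn:aws:iam::[0-9*]*:user/")


def _as_list(value):
    """IAM allows a single string or a list for Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def group_only_denies(policy: dict) -> list:
    """Return Deny statements that target group ARNs but name no user ARN.

    Such statements restrict actions on the group object itself and leave
    actions on the individual member users (for example changing login
    information) unconstrained.
    """
    findings = []
    for index, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Deny":
            continue
        resources = _as_list(stmt.get("Resource", []))
        touches_group = any(GROUP_ARN.match(r) for r in resources)
        touches_user = any(USER_ARN.match(r) for r in resources)
        if touches_group and not touches_user:
            findings.append({"index": index,
                             "actions": _as_list(stmt.get("Action", [])),
                             "resources": resources})
    return findings
```

Run `group_only_denies` over each customer-managed policy pulled from IAM; any finding is a deny that will not protect the member users it was written for.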

