Cloud Security

Potential exploitation of AWS cross-tenant flaw detailed

Threat actors could exploit Amazon Web Services AppSync through an AWS cross-tenant vulnerability that would enable access to organizational account resources, SecurityWeek reports. Researchers from Datadog Security Labs identified the flaw after discovering that the AWS API accepts JSON payloads with mixed-case properties, which allowed the validation process to be bypassed by an ARN with a different casing. "By bypassing the ARN validation, we were able to create AppSync data sources tied to roles in other AWS accounts. This would allow an attacker to interact with any resource associated with a role which trusts the AWS AppSync service in any account," said Datadog. AWS issued a patch addressing the flaw in September and noted that none of its customers have been compromised. "Analysis of logs going back to the launch of the service have been conducted and we have conclusively determined that the only activity associated with this issue was between accounts owned by the researcher. No other customer accounts were impacted," AWS added.
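The class of bug described above, a validator and a consumer that disagree about property-name casing, shown as an added example that is not AWS or Datadog code. The property name `roleArn`, the account IDs and all function names are hypothetical, and the example assumes the validator looks up the property by exact name while a later component matches names ignoring case.

```python
import json

CALLER = "111111111111"  # constructed account id of the requester
OWN = '{"roleArn": "arn:aws:iam::111111111111:role/app"}'       # constructed
MIXED = '{"rolearn": "arn:aws:iam::222222222222:role/other"}'   # constructed
DUP = '{"roleArn": "arn:aws:iam::111111111111:role/app", "ROLEARN": "arn:aws:iam::222222222222:role/other"}'

def arn_account(arn):
    # ARN layout: arn:partition:service:region:account-id:resource
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError("malformed ARN")
    return parts[4]

def naive_validate(body, caller):
    # Weak: only the exact-case key is inspected; other casings pass unchecked.
    arn = json.loads(body).get("roleArn")
    return arn is None or arn_account(arn) == caller

def lenient_consumer(body):
    # Stand-in for a later component that matches property names ignoring case.
    for key, value in json.loads(body).items():
        if key.lower() == "rolearn":
            return value
    return None

def fold_keys(pairs):
    # Lower-case every key; refuse objects holding the same key in two casings.
    out = {}
    for key, value in pairs:
        if key.lower() in out:
            raise ValueError("duplicate property after case folding: " + key)
        out[key.lower()] = value
    return out

def strict_validate(body, caller):
    # Hardened: validate the same case-folded view the consumer will act on.
    arn = json.loads(body, object_pairs_hook=fold_keys).get("rolearn")
    if arn is None:
        raise ValueError("roleArn is required")
    return arn_account(arn) == caller

if __name__ == "__main__":
    print(naive_validate(MIXED, CALLER), lenient_consumer(MIXED))
    print(strict_validate(OWN, CALLER), strict_validate(MIXED, CALLER))
```

The weak check approves the mixed-case payload because it never sees the ARN that the lenient consumer later acts on; the hardened check folds keys first and rejects payloads that carry the same property in two casings.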
