Privilege Esclation

In this post, I’ll cover how the vulnerable Cognito service can be exploited to escalate privileges and obtain temporary AWS credentials. Privilege Escalation via Vulnerable Cognito Introduction AWS Cognito is commonly used to handle user authentication and identity federation in cloud applications. However, when misconfigured, it becomes a gateway for privilege escalation, especially when: Frontend validations are trusted too much Custom attributes are used to control access Identity Pools are mapped to roles based on unvalidated claims This scenario demonstrates how misconfigured Amazon Cognito setups can be exploited to gain unauthorized access to AWS resources. You’ll simulate an attacker exploiting weak client-side validations and improperly scoped custom attributes to escalate privileges and extract AWS credentials via Cognito Identity Pools. ...

In this post, I’ll cover how multiple policy versions with overly permissive configuration for an older version leads to privilege escalation in AWS. Privilege Escalation via Rollback Introduction A policy is an object in AWS that, when associated with an identity or resource, defines their permissions. AWS evaluates these policies when an IAM principal (user or role) makes a request. Permissions in the policies determine whether the request is allowed or denied. AWS IAM policies define permissions for an action regardless of the method that you use to perform the operation. ...

Read the full post on Hacklido.

Read the full post on Hacklido.