Remember Bucket Monopoly? Yeah, it gets worse
Amazon Web Services has fixed a flaw in its open source Cloud Development Kit that, under the right conditions, could allow an attacker to hijack a user's account completely.
Once that happened, the attackers could steal data, or even take over a user's account without them knowing. Since the Prefix is always cdk, the Qualifier is by default hnb659fds, and assets is a constant string in the bucket name, the only variables that change are the Account ID and the Region in which the default qualifier is used during the bootstrap process. That makes it that much easier to claim another user's CDK staging bucket name, and then perform all the evil deeds detailed in the Bucket Monopoly attack overview.
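To check your own account for this naming pattern, the sketch below rebuilds the default staging bucket name for each region and compares it with a bucket inventory. It is an added example, not code from AWS or the researchers. The hyphen-joined order follows the components listed above, and the account ID, bucket list, custom qualifier and status labels are constructed for illustration.

```python
import re

PREFIX = "cdk"
DEFAULT_QUALIFIER = "hnb659fds"  # default qualifier named in the article
ASSETS = "assets"

# Assumed layout: cdk-<qualifier>-assets-<12-digit account id>-<region>
NAME_RE = re.compile(r"^cdk-([a-z0-9]+)-assets-(\d{12})-([a-z0-9-]+)$")


def staging_bucket_name(account_id, region, qualifier=DEFAULT_QUALIFIER):
    """Build the staging bucket name from its fixed and variable parts."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("account ID must be 12 digits")
    return f"{PREFIX}-{qualifier}-{ASSETS}-{account_id}-{region}"


def audit(account_id, regions, owned_buckets):
    """Classify each region by who holds the predictable bucket name.

    default-owned    predictable name exists and is in our inventory
    custom-qualifier a non-default qualifier is in use for this region
    default-unowned  predictable name is not ours; verify ownership
                     before bootstrapping or deploying in that region
    """
    owned = set(owned_buckets)
    report = {}
    for region in regions:
        custom = False
        for name in owned:
            m = NAME_RE.match(name)
            if m and m.group(2) == account_id and m.group(3) == region:
                custom = custom or m.group(1) != DEFAULT_QUALIFIER
        if staging_bucket_name(account_id, region) in owned:
            report[region] = "default-owned"
        elif custom:
            report[region] = "custom-qualifier"
        else:
            report[region] = "default-unowned"
    return report


# Constructed sample inventory (not real buckets or a real account).
SAMPLE_ACCOUNT = "123456789012"
SAMPLE_BUCKETS = [
    "cdk-hnb659fds-assets-123456789012-us-east-1",
    "cdk-acme42x-assets-123456789012-eu-west-1",
    "logs-archive",
]
```

In practice the inventory would come from listing the buckets your account owns, so a name that resolves elsewhere but is missing from that list stands out.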