Phishing for AWS credentials via AWS SSO device code authentication
When using AWS in an enterprise environment, best practice is to use a single sign-on service for identity and access management. AWS SSO is a popular solution: it integrates with third-party identity providers such as Okta and allows roles and permissions to be managed centrally across multiple AWS accounts. In this post, we demonstrate that AWS SSO is vulnerable by design to device code authentication phishing, just like any identity provider that implements OpenID Connect device code authentication. This technique was first demonstrated by Dr. Nestori Syynimaa for Azure AD. The feature provides a powerful phishing vector for attackers, rendering ineffective controls such
The post Phishing for AWS credentials via AWS SSO device code authentication appeared first on Christophe Tafani-Dereeper.