The flaw stems from a customer implementation issue, meaning it isn't caused by a software bug. Instead, the exposure was introduced by the way AWS users set up authentication.
Implementation issues are a crucial component of cloud security. The contents of an armored safe aren't protected if the door is left ajar, which is why proper setup matters.
Researchers from Miggo identified over 15,000 publicly reachable web applications with potentially vulnerable configurations, although AWS disputes this estimate, stating that the number is significantly lower.
Miggo CEO Daniel Shechter noted they observed a 'weird behavior' that indicated partial validation in a customer system, reflecting the interdependencies between the customer and the vendor.