AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation
Briefly

Cybersecurity researchers have uncovered risky default identity and access management (IAM) roles in Amazon Web Services (AWS) that can jeopardize account security. These roles, which grant excessive permissions such as full S3 access, were found in services including SageMaker and Glue. Researchers from Aqua highlighted that the roles can facilitate privilege escalation and lateral movement within an AWS account. Such misconfigurations not only risk compromising data integrity but also let attackers silently manipulate other AWS services. The issue is not limited to AWS: the same pattern was found in the open-source framework Ray, challenging cloud security more broadly.
These roles, often created automatically or recommended during setup, grant overly broad permissions, such as full S3 access.
These default roles silently introduce attack paths that allow privilege escalation, cross-service access, and even potential account compromise.
An attacker who gains access to a default service role with AmazonS3FullAccess doesn't even need to guess bucket names remotely.
These attacks go beyond Bucket Monopoly attacks, allowing attackers with a foothold to move laterally across services.
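The sentences above describe the root cause (a role attached to a service wizard carrying AmazonS3FullAccess, i.e. every S3 action on every resource) but not how a defender would find such roles in an inventory. The following Python is an added example, not code from the article or from Aqua: it evaluates IAM policy documents offline and flags Allow statements that grant sensitive S3 actions on `Resource: "*"`, with a scoped least-privilege policy beside the broad one for contrast. The policy documents, role names and bucket name are constructed samples (the broad one is shaped like the public AmazonS3FullAccess document, reconstructed here rather than fetched from AWS).

```python
import fnmatch
import json

# Constructed sample: a statement shaped like AWS's managed AmazonS3FullAccess
# policy (all S3 actions on every resource). Illustrative reconstruction,
# not a policy document retrieved from AWS.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*", "s3-object-lambda:*"], "Resource": "*"}
    ],
}

# Constructed sample: a least-privilege replacement that only lists, reads and
# writes one prefix of one bucket. The bucket name is a placeholder.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListOnlyTheJobBucket",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::EXAMPLE-job-bucket",
            "Condition": {"StringLike": {"s3:prefix": ["jobs/*"]}},
        },
        {
            "Sid": "ReadWriteJobPrefix",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": "arn:aws:s3:::EXAMPLE-job-bucket/jobs/*",
        },
    ],
}

# Actions that, when granted account-wide, let a compromised role enumerate,
# read, alter or repoint storage that other services in the account rely on.
SENSITIVE_S3_ACTIONS = (
    "s3:ListAllMyBuckets",
    "s3:GetObject",
    "s3:PutObject",
    "s3:DeleteObject",
    "s3:PutBucketPolicy",
)


def _as_list(value):
    """IAM accepts a string or a list in Action/NotAction/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    """IAM action matching is case-insensitive and supports '*' and '?' wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def covered_sensitive_actions(statement):
    """Sensitive S3 actions an Allow statement grants on every resource (empty if none)."""
    if statement.get("Effect") != "Allow":
        return []
    resources = _as_list(statement.get("Resource"))
    if not any(r in ("*", "arn:aws:s3:::*") for r in resources):
        return []
    if "NotAction" in statement:
        # NotAction grants everything except the listed patterns, so it is
        # broad unless the sensitive action is explicitly excluded.
        excluded = _as_list(statement["NotAction"])
        return [a for a in SENSITIVE_S3_ACTIONS
                if not any(_matches(p, a) for p in excluded)]
    patterns = _as_list(statement.get("Action"))
    return [a for a in SENSITIVE_S3_ACTIONS if any(_matches(p, a) for p in patterns)]


def audit_policy(policy):
    """Findings (statement id plus covered actions) for broad S3 grants in one policy."""
    findings = []
    for index, statement in enumerate(_as_list(policy.get("Statement"))):
        covered = covered_sensitive_actions(statement)
        if covered:
            sid = statement.get("Sid", f"statement[{index}]")
            findings.append({"sid": sid, "actions": covered})
    return findings


def audit_role_policies(role_policies):
    """role_policies: {role_name: [policy_document, ...]} -> {role_name: [findings]}."""
    report = {}
    for role, documents in role_policies.items():
        role_findings = []
        for document in documents:
            role_findings.extend(audit_policy(document))
        if role_findings:
            report[role] = role_findings
    return report


if __name__ == "__main__":
    # Constructed inventory: one role as a service wizard might create it, one scoped.
    inventory = {
        "EXAMPLE-SageMaker-ExecutionRole": [BROAD_POLICY],
        "EXAMPLE-glue-job-role": [SCOPED_POLICY],
    }
    print(json.dumps(audit_role_policies(inventory), indent=2))
```

This is first-pass triage over policy documents you have already exported (for example from an IAM credential or policy dump): it does not evaluate explicit Deny statements elsewhere, permission boundaries, SCPs or bucket policies, so a flagged role should be confirmed with IAM's own policy simulation before it is changed. The scoped policy shows the shape of the fix the researchers' findings call for: name the bucket, constrain the prefix, and grant only the actions the job performs.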
Read at The Hacker News