That’s according to findings from Israeli cybersecurity company Miggo, which dubbed the problem ALBeast. This vulnerability allows attackers to directly access affected applications, particularly if they are exposed to the internet, security researcher Liad Eliyahu said.
Application Load Balancer will securely authenticate users as they access cloud applications," Amazon notes on its website. Application Load Balancer is seamlessly integrated with Amazon Cognito, which allows end users to authenticate through social identity providers such as Google, Facebook, and Amazon.
The attack, at its core, involves a threat actor creating their own ALB instance with authentication configured in their account. In the next step, the ALB is used to sign a token under their control and modify the ALB configuration.
Following responsible disclosure in April 2024, Amazon has updated the authentication feature documentation, highlighting the importance of proper configuration to prevent unauthorized access through ALB.
Collection
[
|
...
]