Learning about Critical AWS flaws: Bucket monopoly

Gupta Bless
4 min read · Aug 18, 2024

Introduction

A security researcher has discovered critical vulnerabilities in two AWS services. Had the attacks succeeded, the attackers could have progressed to remote code execution (RCE) or account takeover. The vulnerability was revealed at the Black Hat conference. The AWS cloud creation had an impact on the following services: CodeStar, EMR, Glue, SageMaker, and Service Catalog. Because an attacker who exploits this vulnerability can gain access to additional accounts with little to no effort, its severity can be described as high.

What are the vulnerabilities and what is the risk associated with them

Rather than a random string, the S3 storage buckets are meant to use predictable and easy-to-guess AWS account IDs. Storage on AWS is done using S3 buckets, which are accessible online and can only be accessed by authorized users. Each AWS bucket has its own distinct name, yet each related account ID is either easily discoverable or made public. To begin with, we didn’t even think these account IDs were sensitive.

An attacker could easily take over any organization’s AWS account if they were able to discover the ID and bucket name, since they are predictable. Also, the researchers have verified that knowing the AWS…
