low

Amazon WorkSpaces Windows client credential logging

Published Fri, Oct 6th, 2023

Platforms

aws

Summary

AWS identified an issue in the Amazon WorkSpaces Windows client which resulted in unintentionally logging connection debugging information to a user's local system. This data could include usernames or passwords if they contain specific characters: \ (backslash) or " (double quotes). If an attacker gained access to an Amazon WorkSpaces user's machine, they could then compromise such credentials from the log.

Affected Services

Amazon WorkSpaces

Remediation

Update the client to version 5.11.0 or higher. New versions of the client will automatically delete local logs generated by vulnerable versions.

Tracked CVEs

No tracked CVEs

References

https://aws.amazon.com/security/security-bulletins/AWS-2023-010/

Contributed by https://github.com/korniko98

Entry Status

Finalized

Disclosure Date

-

Exploitability Period

-

Known ITW Exploitation

-

Detection Methods

None

Piercing Index Rating

-

Discovered by

-

More vulnerabilities...

high

Chronicle cross-customer bucket access

gcp

Customers can configure Chronicle to ingest data from customer-owned Cloud Storage buckets using an ingestion feed. Chronicle previously used a shared service account for all customers for grantin...

DoggoZW
high

AWS API Gateway Header Smuggling and Cache Confusion

aws

Researchers at Omegapoint identified two issues in AWS API Gateway authorizers: 1) A header rewrite feature could be abused to bypass authorization by overwriting headers after the authorizer lambd...

Omegapoint
low

AWS AppStream Cloudtrail Bypass

aws

Credentials can be extracted from AppStream. When used, they obscure the sourceIP and userName of the initial user. The sourceIP appears as appstream.amazonaws.com.

Saransh Rana, CRED
View all