high

AWS API Gateway Header Smuggling and Cache Confusion

Published Tue, Sep 19th, 2023

Summary

Researchers at Omegapoint identified two issues in AWS API Gateway authorizers: 1) a header rewrite feature could be abused to bypass authorization by overwriting headers after the authorizer Lambda had processed them; 2) caching of authorization policies could be exploited to reuse cached policies with modified identification sources, bypassing the authorizer.

Affected Services

API Gateway

Remediation

Implement proper defense-in-depth access controls in applications behind API Gateway, rather than relying solely on the gateway authorizer for authentication and authorization.

Tracked CVEs

No tracked CVEs

Entry Status
Stub (AI-Generated)
Disclosure Date
Thu, Nov 10th, 2022
Exploitability Period
Until 2023/05/10
Known ITW Exploitation
-
Detection Methods
Monitor for unexpected access patterns or data access across tenant boundaries. Review logs for suspicious header combinations or multiple occurrences of authorization-related headers.
Piercing Index Rating
-
Discovered by
Omegapoint
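
The log review described under Detection Methods, as an added example that is not part of the original entry or of Omegapoint's research: it flags requests that carry an authorization-related header more than once and credentials that show up with more than one tenant. The log format, the header names in AUTH_HEADERS, the X-Tenant-Id header and the sample records are constructed assumptions.

```python
import hashlib
import json
from collections import defaultdict

# Assumed header names; use the identity sources your authorizer is configured with.
AUTH_HEADERS = {"authorization", "x-api-key", "x-tenant-id"}
TENANT_HEADER = "x-tenant-id"  # hypothetical tenant selector header

# Constructed sample records in an assumed format: one JSON object per line,
# headers kept as [name, value] pairs so repeated headers stay visible.
SAMPLE_LOG = """\
{"requestId": "r-1", "headers": [["Authorization", "Bearer aaa"], ["X-Tenant-Id", "t1"]]}
{"requestId": "r-2", "headers": [["Authorization", "Bearer aaa"], ["authorization", "Bearer bbb"], ["X-Tenant-Id", "t1"]]}
{"requestId": "r-3", "headers": [["Authorization", "Bearer ccc"], ["X-Tenant-Id", "t2"], ["X-Tenant-Id", "t2"]]}
{"requestId": "r-4", "headers": [["Authorization", "Bearer aaa"], ["X-Tenant-Id", "t9"]]}
"""


def fingerprint(value):
    """Short hash so findings never carry the raw credential."""
    return hashlib.sha256(value.encode()).hexdigest()[:12]


def find_suspicious(log_text, watched=AUTH_HEADERS):
    """Return (subject, header, kind) tuples for records worth a closer look."""
    findings = []
    tenants_by_cred = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = json.loads(line)
        values = defaultdict(list)
        for name, value in record.get("headers", []):
            key = name.strip().lower()  # header names are case-insensitive
            if key in watched:
                values[key].append(value)
        # Same watched header present more than once in a single request.
        for key, seen in sorted(values.items()):
            if len(seen) > 1:
                kind = "conflicting" if len(set(seen)) > 1 else "duplicate"
                findings.append((record["requestId"], key, kind))
        # Remember which tenants each credential was presented with.
        for cred in values.get("authorization", []):
            tenants_by_cred[fingerprint(cred)].update(values.get(TENANT_HEADER, []))
    # One credential seen with several tenants suggests cross-tenant access.
    for cred, tenants in sorted(tenants_by_cred.items()):
        if len(tenants) > 1:
            findings.append((cred, TENANT_HEADER, "multi-tenant"))
    return findings
```

Calling find_suspicious(SAMPLE_LOG) returns three findings: the conflicting Authorization values in r-2, the repeated tenant header in r-3, and the fingerprint of the credential that was presented with both t1 and t9.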