medium

AWS Console rate limit bypass

Published Mon, Feb 6th, 2023

Platforms

Summary

AWS applies a rate limit to authentication requests made to the AWS Console in an effort to prevent brute-force and credential stuffing attacks. However, a weakness was discovered in the AWS Console authentication flow that allowed a partial bypass of this rate limit by pausing for 5 seconds every 30 attempts. This would enable an attacker to continuously attempt more than 280 passwords per minute (4.6 per second) against IAM users, which could have resulted in account compromise of users without MFA enabled.

Affected Services

AWS Console

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://securitylabs.datadoghq.com/articles/aws-console-rate-limit-bypass/

Contributed by https://github.com/korniko98

Entry Status

Finalized

Disclosure Date

Wed, Dec 7th, 2022

Exploitability Period

Until January 26th, 2023

Known ITW Exploitation

Detection Methods

Detect potential brute-force behavior using the CloudTrail ConsoleLogin event.

Piercing Index Rating

Discovered by

Christophe Tafani-Dereeper, Datadog

More vulnerabilities...

high

EmojiDeploy

Multiple Azure Web services use a source control management (SCM) panel powered by Kudu and enabled by default. These services were all susceptible to a CSRF vulnerability due to an overly-permissi...

Liv Matan, ErmeticJan 19, 2023

high

Azure AD Flaw Allowed SAML Token Persistence

A vulnerability in Azure Active Directory allowed users to retain access to SAML applications after their assignment was removed. Attackers could exploit this to establish persistence and elevate p...

Secureworks Counter Threat ...Jan 18, 2023

low

Multiple SSRF vulnerablities in Azure services

SSRF vulnerabilities were discovered in four Azure services: unauthenticated SSRF in Azure Digital Twins Explorer and Azure Functions, and authenticated SSRF in Azure API Management Service and Azu...

Lidor Ben Shitrit, Orca Sec...Jan 17, 2023

View all