medium

AWS Sign-in IAM User Login Flow Username Enumeration

Published Thu, Jan 23rd, 2025

Platforms

Summary

A vulnerability in AWS IAM Sign-in login flow could allow attackers to enumerate IAM usernames by measuring server response times. This issue affected AWS Sign-in IAM User login flow prior to January 16, 2025. AWS has since introduced a delay in response times across all authentication failure scenarios to mitigate the vulnerability.

Affected Services

IAM

Remediation

None required

Tracked CVEs

CVE-2025-0693

References

https://aws.amazon.com/security/security-bulletins/AWS-2025-002/

Contributed by https://github.com/korniko98

Entry Status

Stub (AI-Generated)

Disclosure Date

Exploitability Period

Until 2025/01/16

Known ITW Exploitation

Detection Methods

Monitor sign-in activity, including failed and successful sign-in events, using AWS CloudTrail. Refer to the CloudTrail Event Reference documentation for more information.

Piercing Index Rating

Discovered by

Rhino Security Labs

More vulnerabilities...

high

Finding SSRFs in Azure DevOps

Three SSRF vulnerabilities were discovered in Azure DevOps, allowing access to internal metadata endpoints and potential CRLF injection. The issues affected the endpointproxy and Service Hooks func...

Torjus Bryne Retterstøl, Bi...Jan 17, 2025

medium

CloudWatch Dashboard Sharing Exposes EC2 Tags

A vulnerability in AWS CloudWatch dashboard sharing allowed viewers to access EC2 instance tags and potentially invoke Lambda functions in the source account. The issue stemmed from a logic bug in ...

Leonidas Tsaousis, WithSecureJan 16, 2025

high

Issue with Amazon WorkSpaces and AppStream 2.0 Clients

AWS identified two vulnerabilities in specific versions of native clients for Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon DCV. These issues could allow man-in-the-middle attacks, potentiall...

AWSJan 15, 2025

View all