medium

GCP IAP bypass

Published Fri, Sep 17th, 2021
Platforms

Summary

Convincing a victim to click a specially crafted link would allow the attacker to bypass the Identity-Aware Proxy (a core component of BeyondCorp).

Affected Services

N/A

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Disclosure Date
Fri, Sep 17th, 2021
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Discovered by
Unknown, null