high

Bypassing Identity-Aware Proxy in Google Cloud

Published Thu, Dec 30th, 2021

Platforms

Summary

A vulnerability in Google Cloud Platform's Identity-Aware Proxy (IAP) allowed attackers to bypass authentication and access IAP-secured web applications. The exploit involved creating a malicious IAP-secured app using the target's OAuth client ID, configuring query parameter-based routing to capture redirect tokens, and using these tokens to hijack authorized sessions.

Affected Services

Identity-Aware Proxy

Remediation

None required. The vulnerability has been fixed by Google.

Tracked CVEs

No tracked CVEs

References

https://www.seblu.de/2021/12/iap-bypass.html

Contributed by https://github.com/korniko98

Entry Status

Stub (AI-Generated)

Disclosure Date

Wed, May 5th, 2021

Exploitablity Period

Until 2021/06

Known ITW Exploitation

Detection Methods

Monitor for unauthorized access to IAP-secured applications. Review IAP logs for suspicious authentication attempts or unexpected redirect patterns.

Piercing Index Rating

Discovered by

SebLu

More vulnerabilities...

medium

Google Cloud Shell command injection

A vulnerability was discovered in Cloud Shell that enabled command injection and remote shell access. The "Open in Cloud Shell" functionality allowed a user to provide values for both the "git_repo...

Ademar Nowasky Junior

Tue, Dec 28th, 2021

low

Dataflow RCE via unauthenticated JMX service

Dataflow worker nodes ran an unauthenticated Java Management Extensions (JMX) service that under certain circumstances would be exposed to the Internet, thus allowing unauthenticated remote code ex...

Mike Brancato

Tue, Dec 28th, 2021

medium

Overprivileged AWS support IAM role policy

AWS added an excessive s3:getObject permission to AWSSupportServiceRolePolicy IAM policy used by AWS Support teams, and removed it a day later.

Scott Piper, Summit Route

Wed, Dec 22nd, 2021

View all