Hard News Hard Hitting News Source Global Political News

Vulnerability in AWS IAM Authenticator for Kubernetes could allow user impersonation, privilege escalation attacks

A vulnerability in AWS IAM Authenticator for Kubernetes could allow a malicious actor to impersonate other users and escalate privileges in Kubernetes clusters, a security researcher has discovered.

Tracked as CVE-2022-2385, the now-patched vulnerability could allow an attacker to impersonate other users and escalate privileges in Elastic Kubernetes Service (EKS) clusters configured with the AccessKeyID template parameter.

An attacker could craft a malicious signed request to the Security Token Service (STS) GetCallerIdentity endpoint that includes the same parameter multiple times with different values.

Authentication bypass

Researcher Gafnit Amiga of Lightspin detailed in a blog post how an attacker can send two different variables with the same name but with different uppercase and lowercase characters – for example, they are able to send both ‘Action’ and ‘action’.

Amiga explained: “Since both [variables in the vulnerable code] are… ‘ToLower’, the value in the queryParamsLower dictionary will be overridden while the request to AWS will be sent with both parameters and their values.

“The cool thing is that AWS STS will ignore the parameter it does not expect, in this case AWS STS will ignore the action parameter.”

Amiga wrote: “Because the for loop is not ordered, the parameters are not always overridden in the order we want, therefore we might need to send the request with the malicious token to the AWS IAM Authenticator server multiple times.”

The root cause had been present since the first commit in October 2017. As such, both changing the action and unsigned cluster ID tokens were exploitable from day one.

Exploitation of the username through the AccessKeyID had been possible since September 2020.
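The override described above comes from validating a case-folded copy of the query string while the original query is what gets forwarded. As an added illustration in Go (not code from AWS IAM Authenticator or from the researcher's post; the function names and sample query strings are constructed), this shows the case-folding map collapsing two keys into one, beside one way to reject such requests outright:

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// lowerLastWins mirrors the pattern the article describes: keys are folded to
// lower case into one map, so "Action" and "action" collapse into one entry.
// Go map iteration is unordered, so which value survives varies between runs.
func lowerLastWins(q url.Values) map[string]string {
	out := make(map[string]string)
	for k := range q {
		out[strings.ToLower(k)] = q.Get(k)
	}
	return out
}

// strictParams rejects any query in which a parameter name occurs more than
// once, whether repeated verbatim or differing only in case, so the validated
// view and the forwarded query can never disagree.
func strictParams(q url.Values) (map[string]string, error) {
	out := make(map[string]string)
	for k, vals := range q {
		lk := strings.ToLower(k)
		if _, dup := out[lk]; dup || len(vals) != 1 {
			return nil, fmt.Errorf("duplicate query parameter %q", lk)
		}
		out[lk] = vals[0]
	}
	return out, nil
}

func main() {
	// Constructed sample query strings; values are placeholders.
	for _, raw := range []string{
		"Action=GetCallerIdentity&Version=2011-06-15",
		"Action=GetCallerIdentity&action=Other&Version=2011-06-15",
	} {
		q, _ := url.ParseQuery(raw)
		_, err := strictParams(q)
		fmt.Printf("%-60s lowered=%d err=%v\n", raw, len(lowerLastWins(q)), err)
	}
}
```

The second sample parses into three distinct keys but only two case-folded entries, which is the mismatch between what is validated and what is sent; the strict check fails closed on it.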

Fixes issued

Amiga told The Daily Swig that the vulnerability was difficult to locate, and that it was also tricky to notice that values can be overridden while STS ignores unexpected additional request parameters.

“I tried other attack vectors hoping to manipulate the HTTP client, but they protected against them,” Amiga said.

Amazon has since patched the issues, which Amiga said has “improved the process significantly”. The researcher added: “The entire process was one month, and they kept me updated during the process. We also coordinated the disclosure.”

The issues are fixed in version 0.5.9. More information can be found in Amazon’s security bulletin.

Source: https://portswigger.net/daily-swig/vulnerability-in-aws-iam-authenticator-for-kubernetes-could-allow-user-impersonation-privilege-escalation-attacks

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO