Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Ben Reser's MWAA vuln #49

Open
0xdabbad00 opened this issue May 27, 2022 · 1 comment
Open

Add Ben Reser's MWAA vuln #49

0xdabbad00 opened this issue May 27, 2022 · 1 comment

Comments

@0xdabbad00
Copy link
Contributor

https://cloudsecurityforum.slack.com/archives/C6DN616HG/p1653611790045629

I found a security vulnerability in MWAA (Amazon Managed Workflows for Apache Airflow) that has been fixed so now I can talk about it. Specifically there are two API calls that the service uses to convert IAM credentials into tokens that can be used to login to airflow. The CreateCliToken and CreateWebLoginToken were logging the tokens to CloudTrail. The event used included the hostname for the airflow server, so everything required to login to the server was in the event.

Reported May 11th, fixed May 22.

tokens are only valid for 60 seconds and CloudTrail log delivery is not fast enough that they are valid by the time an AWS customer can see them.
@0xdabbad00
Copy link
Contributor Author

Mentioned on twitter publicly in this thread: https://twitter.com/BenReser/status/1531710736719695872

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@0xdabbad00