Nearly two dozen application programming interfaces (APIs) across 16 different Amazon Web Services offerings can be abused to allow attackers to obtain the roster and internal structure of an organization's cloud account in order to launch targeted attacks against individuals.
All that a threat actor would require in order to carry out the attack is the target organization's 12-digit AWS ID — something that is used and shared publicly — Palo Alto Networks said this week.
In a report, the security vendor said that all of the affected APIs could be abused in the same way across all three of AWS's partitions or regions (aws, aws-us-gov, and aws-cn). The Amazon services that are vulnerable include Amazon Simple Storage Service (S3), Amazon Key Management Service (KMS), and Amazon Simple Queue Service (SQS).
Jay Chen, senior cloud researcher for Unit 42 at Palo Alto Networks, says the problem has to do with an AWS design feature that is meant to help users avoid typos and mistakes when writing a policy. "The error messages inadvertently give out too much information, so that an attacker can find out if a particular user or role exists in another AWS account."
Specifically, the cause of the issue lies with how AWS's identity and access management function handles a specific type of policy — known as resource-based policy — that is associated with AWS resources such as an S3 bucket or an Amazon EC2 instance. In total, 26 AWS services support resource-based policies.
According to Palo Alto Networks, AWS resource-based policies ..
Support the originator by clicking the read the rest link below.
