Subj : AWS patches worrying security flaw that could have led to account
To   : All
From : TechnologyDaily
Date : Mon Mar 25 2024 16:15:05

AWS patches worrying security flaw that could have led to account hijacking

Date:
Mon, 25 Mar 2024 16:02:43 +0000

Description:
Managed Workflows for Apache Airflow were susceptible to XSS attacks, 
researchers claim.

FULL STORY
======================================================================

Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) carried 
a flaw which allowed threat actors to hijack peoples sessions and execute 
malicious code on underlying instances, remotely, experts have warned. 

Cybersecurity researchers Tenable discovered the vulnerability and dubbed it 
FlowFixation, explaining the vulnerability stems from both session fixation 
on the AWS MWAA web management platform, and a misconfiguration in the AWS 
domain. These two open the doors for a cross-site scripting (XSS) attack. 

"Upon taking over the victim's account, the attacker could have performed 
tasks such as reading connection strings, adding configurations and 
triggering directed acyclic graphs (DAGS)," Tenables senior security 
researcher, Liv Matan, explained. "Under certain circumstances such actions 
can result in RCE (remote code execution) on the instance that underlies the 
MWAA, and in lateral movement to other services." Highlighting a broader 
issue with domain architecture 

 The Hacker News describes session fixation as a web attack technique that 
happens when a user is authenticated to a service without invalidating any 
existing session identifiers. This allows the attacker to force (or fixate) a 
known session identifier on a user so when they do authenticate, the attacker 
is granted access to the session. 

"FlowFixation highlights a broader issue with the current state of cloud 
providers' domain architecture and management as it relates to the Public 
Suffix List (PSL) and shared-parent domains: same-site attacks," Matan said. 
The misconfiguration also affects Azure and Google Cloud, they added. 

After discovering the flaw, Tenable notified Amazon, which subsequently 
issued a patch. Both AWS and Azure added the misconfigured domains to PSL 
(Public Suffix List). For Google, the issue isnt dangerous enough to warrant 
a patch, The Hacker News reported. 

The full technical analysis of the vulnerability can be found on Tenables 
blog here . More from TechRadar Pro FBI warns criminals are building a 
dangerous new botnet  and it's after your Microsoft or AWS logins and more 
Here's a list of the best firewalls around today These are the best endpoint 
security tools right now



======================================================================
Link to news story:
https://www.techradar.com/pro/security/aws-patches-worrying-security-flaw-that
-could-have-led-to-account-hijacking


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.