AWS fixes local file vuln on internal credential access for Relational Database Service

2022-04-12 18:05

A local file read vulnerability in Amazon's Relational Database Service could be exploited to allow an attacker to gain access to internal AWS credentials, the cloud behemoth has confirmed.

While no in-the-wild attacks exploited the bug, AWS confirmed it gave researchers access "To internal credentials that were specific to their Aurora cluster."

"No cross-customer or cross-cluster access was possible; however, highly privileged local database users who could exercise this issue could potentially have gained additional access to data hosted in their cluster or read files within the operating system of the underlying host running their database," according to the AWS security bulletin.

Amiga exported the access key, secret access key, and session token using the AWS Security Token Service's GetCallerIdentity API. This gave her the user ID, account ID, and Amazon Resource Name for identity and access management credentialsand this provided access to an internal AWS service.

Lightspin reported the vuln to AWS on December 9, and five days later the cloud provider deployed an initial patch while working on a full fix.

By late March, AWS had reached out to all of its affected customers and fixed all supported versions of Amazon Aurora PostgreSQL and Amazon RDS for PostgreSQL. "The AWS Cloud is a blessing for many developers, architects, and security professionals around the world due to its pay-as-you-go model and diversity of service offerings," Amiga concluded.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/04/12/aws_rds_vuln/

#AWS #credential #database