low

AWS IAM Identity Center Expiry

Published Tue, Dec 19th, 2023

Platforms

Summary

AWS IAM Identity Center exchanges third-party OIDC tokens for Identity Center-issued tokens. Identity Center relies on the jti claim in the third-party tokens to prevent replay attacks. Identity Center maintained a cache of previously-seen jti values for a fixed period (24 hours) and didn’t enforce that the third-party tokens had expiry claims. This meant that a token with a jti claim and without an exp claim could be replayed after >24 hours had passed.

Affected Services

Identity Center

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://awsteele.com/blog/2023/12/19/an-aws-iam-identity-center-vulnerability.html

Contributed by https://github.com/ramimac

Entry Status

Finalized

Disclosure Date

Fri, Dec 1st, 2023

Exploitablity Period

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

Aidan Steele

More vulnerabilities...

low

AWS AppFlow WooCommerce SSRF

The AppFlow WooCommerce connector allowed specification of a full URL. The connector included details of response content when the URL offered an unexpected response. This means you could make arbi...

Ronin

Mon, Nov 6th, 2023

low

AWS AppFlow secrets disclosure

AppFlow had an undocumented service called sandstoneconfigurationservicelambda. An undocumented field (awsOwnedManagedAppCredentialsArn) could be used during connector registration and connector u...

Ronin

Mon, Nov 6th, 2023

medium

ApatchMe

Amazon Managed Workflows for Apache Airflow (MWAA) and the Task instance details page in the Google Composer UI were not patched against CVE-2023-29247 (Stored XSS). This meant that post-authentica...

Liv Matan, Tenable

Thu, Nov 2nd, 2023

View all