low

AWS IAM Identity Center Expiry

Published Tue, Dec 19th, 2023

Platforms

Summary

AWS IAM Identity Center exchanges third-party OIDC tokens for Identity Center-issued tokens. Identity Center relies on the jti claim in the third-party tokens to prevent replay attacks. Identity Center maintained a cache of previously-seen jti values for a fixed period (24 hours) and didn’t enforce that the third-party tokens had expiry claims. This meant that a token with a jti claim and without an exp claim could be replayed after >24 hours had passed.

Affected Services

Identity Center

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://awsteele.com/blog/2023/12/19/an-aws-iam-identity-center-vulnerability.html

Contributed by https://github.com/ramimac

Entry Status

Finalized

Disclosure Date

Fri, Dec 1st, 2023

Exploitability Period

Known ITW Exploitation

Detection Methods

None

Piercing Index Rating

Discovered by

Aidan Steele

More vulnerabilities...

high

Google OAuth Vulnerability Allows Indefinite Access

A vulnerability in Google OAuth allows employees to retain indefinite access to applications like Slack and Zoom after being removed from their company's Google organization. The issue stems from t...

Dylan Ayrey, Truffle Securi...Dec 15, 2023

high

Control plane bypass in Azure OpenAI

A way to manage Azure OpenAI deployments via the Data Plane was discovered, bypassing key security controls. This allows creation/modification/deletion of deployments without the usual protections ...

Tyson Garrett, TrustOnCloudDec 12, 2023

high

Google Workspace Domain-Wide Delegation Flaw

Unit 42 researchers discovered a security risk in Google Workspace's domain-wide delegation feature that allows a GCP identity with necessary permissions to generate access tokens to impersonate Go...

Zohar Zigdon, Unit 42Nov 30, 2023

View all