Researchers created a proof-of-concept attack that allows remote attackers to access protected APIs to extract credentials.
Researchers have created a proof-of-concept attack that allows unauthenticated adversaries to extract user credentials from misconfigured reverse proxy servers in order to delete, manipulate or extract data from websites and applications.
The proof-of-concept (PoC) attack targets major cloud customers of services such as Amazon Web Services, Microsoft Azure and Google Cloud, according to researchers at RedLock, who published a report on their findings Tuesday.
Similar to misconfigured storage buckets that plagued businesses with leaky data, this PoC attack takes advantage of a common default configuration used by leading cloud services and too often unchanged by website admins.
The PoC targets APIs that provide access to the metadata associated with identity services such as AWS’ Identity and Access Management (IAM), Microsoft’s Azure Managed Service Identity (MSI), and Google’s Cloud IAM. “[These] are features that… simplify the task of creating and distributing credentials and are popular features with developers,” wrote RedLock. As the PoC demonstrates, adversaries can also abuse them.
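A defender-side check that follows from the mechanism above, added here as an example and not code from RedLock or Threatpost: it scans reverse-proxy access logs for requests that the proxy forwarded to a cloud instance-metadata endpoint, which a correctly configured proxy should never do. The log format, the upstream= field and the sample lines are constructed assumptions; the metadata hostnames are the ones the providers document.

```python
"""Flag reverse-proxy requests that were forwarded to a cloud
instance-metadata (IMDS) endpoint. Added example, not the PoC itself;
log format and field names are assumptions."""
import re
from ipaddress import ip_address

# Hostnames the cloud providers reserve for instance metadata:
# 169.254.169.254 is used by AWS and Azure, metadata.google.internal by GCP.
METADATA_HOSTS = {"169.254.169.254", "metadata.google.internal"}

# Assumed log format (constructed for this example):
# '<client> "<method> <path> <proto>" <status> upstream=<host[:port]>'
LOG_RE = re.compile(
    r'^(?P<client>\S+) "(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) upstream=(?P<upstream>\S+)$'
)

def upstream_hostname(upstream):
    """Strip an optional port; IPv6 literals arrive bracketed, e.g. [fe80::1]:80."""
    if upstream.startswith("["):
        return upstream[1:upstream.index("]")].lower()
    return upstream.rsplit(":", 1)[0].lower() if ":" in upstream else upstream.lower()

def is_metadata_host(upstream):
    """True if the proxy target is a known metadata name or any link-local address."""
    host = upstream_hostname(upstream)
    if host in METADATA_HOSTS:
        return True
    try:
        return ip_address(host).is_link_local  # 169.254.0.0/16, fe80::/10
    except ValueError:
        return False  # a DNS name, not an IP literal

def flag_metadata_requests(lines):
    """Return (client, upstream, path) for every request proxied to IMDS."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_metadata_host(m["upstream"]):
            hits.append((m["client"], m["upstream"], m["path"]))
    return hits

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 "GET /index.html HTTP/1.1" 200 upstream=app.internal:8080',
    '203.0.113.9 "GET /latest/meta-data/ HTTP/1.1" 200 upstream=169.254.169.254:80',
    '198.51.100.4 "GET /computeMetadata/v1/ HTTP/1.1" 200 upstream=metadata.google.internal',
    '203.0.113.7 "GET /api/users HTTP/1.1" 200 upstream=[fd00::1]:8080',
]

if __name__ == "__main__":
    for hit in flag_metadata_requests(SAMPLE_LOG):
        print("ALERT: request proxied to metadata service:", hit)
```

Any hit means the proxy accepted a client-controlled upstream; the fix is to pin proxy_pass targets and block link-local destinations at the proxy and the host firewall.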
Gaurav Kumar, RedLock CTO, shared one PoC example with Threatpost.
For more details: https://threatpost.com/misconfigured-reverse-proxy-servers-spill-credentials/132085/