EUVD-2021-1705

Malware in sbrugna...

CVE-2025-34062 OneLogin AD Connector API Credential and Signing Key Exposure

An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directorytoken—which may be retrievable from host registry keys or improperly secured logs—can retrieve a plaintext respon...

CVE-2025-0693: AWS IAM User Enumeration

The post CVE-2025-0693: AWS IAM User Enumeration appeared first on Rhino Security Labs...

How to Configure EKS Clusters to Use AWS IAM Users/Roles for Veeam Kasten for Kubernetes Access

Purpose Follow this guide to provide appropriate Veeam Kasten for Kubernetes role-based access using AWS IAM users or roles. Solution Description Veeam Kasten for Kubernetes integrates with whatever authentication mechanism customers use to access their Kubernetes clusters. Since EKS natively...

BIT-VAULT-2020-16250

HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1...

The Big IAM Challenge: Test Your Cloud Security Skills

Put yourself to the test with our unique CTF challenge and boost your AWS IAM knowledge. Do you have what it takes to win The Big IAM Challenge?...

Fedora: Security Advisory for golang-sigs-k8s-aws-iam-authenticator (FEDORA-2022-5038c3236c)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: golang-sigs-k8s-aws-iam-authenticator-0.5.2-8.fc36

A tool to use AWS IAM credentials to authenticate to a Kubernetes cluster. The initial work on this tool was driven by Heptio. The project receives contributions from multiple community engineers and is currently maintained by Heptio and Amazon EKS OSS Engineers...

IAM Vulnerable - Use Terraform To Create Your Own Vulnerable By Design AWS IAM Privilege Escalation Playground

Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground. IAM Vulnerable uses the Terraform binary and your AWS credentials to deploy over 250 IAM resources into your selected AWS account. Within minutes, you can start learning how to identify and exploit...

Concrete CMS: SSRF mitigation bypass using DNS Rebind attack

We noticed that the upload functionality contains the ability to upload files from remote server, however there are some mitigations against accessing the AWS Instance Metadata service. We've managed to bypass these mitigations using DNS rebinding and we've managed to fetch the AWS IAM keys when...

Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault

HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1...

Red-Shadow - Lightspin AWS IAM Vulnerability Scanner

Scan your AWS IAM Configuration for shadow admins in AWS IAM based on misconfigured deny policies not affecting users in groups discovered by Lightspin's Security Research Team. The tool detects the misconfigurations in the following IAM Objects: Managed Policies Users Inline Policies Groups Inli...

CVE-2019-10200

A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master AWS I...

Security Bulletin: A security vulnerability in Vault affects Bastion Service of IBM Cloud Pak for Multicloud Management

Summary A security vulnerability in Vault affects Bastion Service of IBM Cloud Pak for Multicloud Managemen 2.2.0 and previous version Vulnerability Details CVEID: CVE-2020-16250 DESCRIPTION: HashiCorp Vault and Vault Enterprise could allow a remote attacker to bypass security restrictions, cause...

CVE-2020-16250

HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1...

CVE-2020-16250

HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1...

Authentication flaw

HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1...

CVE-2020-16250

HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1...

CVE-2020-16250

HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. The issue is fixed in Vault releases 1.2.5, 1.3.8, 1.4.4, and 1.5.1. Public disclosures in connected sources describe an AWS IAM auth bypass via...

PT-2020-14842 · Hashicorp · Hashicorp Vault +1

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer Description: The issue concerns an authentication bypass when HashiCorp Vault and Vault Enterprise are configured with the AWS IAM auth method. This could potentially allow...