8 matches found
EUVD-2016-9368
Malware in sbrugna...
CVE-2025-0693
Variable response times in the AWS Sign-in IAM user login flow allowed for the use of brute force enumeration techniques to identify valid IAM usernames in an arbitrary AWS account...
CVE-2025-0693
Variable response times in the AWS Sign-in IAM user login flow allowed for the use of brute force enumeration techniques to identify valid IAM usernames in an arbitrary AWS account...
CVE-2025-0693 Issue with AWS Sign-in IAM User Login Flow - Possible Username Enumeration
Variable response times in the AWS Sign-in IAM user login flow allowed for the use of brute force enumeration techniques to identify valid IAM usernames in an arbitrary AWS account...
CVE-2025-0693
AWS IAM (Identity and Access Management) is affected. The issue arises in the sign-in flow where variable response times could be exploited to enumerate valid usernames in an AWS account. Impact is described as enabling brute-force username discovery; no explicit exploit vectors or mitigations ar...
The AWS Exploitation Framework: Pacu
Pacu is an open source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its...
AWS Key Disabler - A Small Lambda Script That Will Disable Access Keys Older Than A Given Amount Of Days
The AWS Key disabler is a Lambda Function that disables AWS IAM User Access Keys after a set amount of time in order to reduce the risk associated with old access keys. A report containing the output json of...
CVE-2016-8520
HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM user's permissions for accessing versioned objects and ACLs. In some cases, authenticated users with S3 permissions could also access versioned data...