Saturday, April 13, 2024

One-Click AWS Vulnerability Let Attackers Takeover User’s Web Management Panel

Tenable Research has identified a critical vulnerability within the AWS Managed Workflows for Apache Airflow (MWAA) service, which they have named “FlowFixation.”

This vulnerability could have permitted attackers to execute a one-click takeover of a user’s web management panel for their Airflow instance.

The discovery underscores the ongoing issue of misconfigured shared-parent domains, a problem that poses a significant threat to customers of major cloud service providers (CSPs).

Each MWAA instance is attached to a web panel for managing workflows, connections, DAGS and more
Each MWAA instance is attached to a web panel for managing workflows, connections, DAGS and more
Document

Free Webinar : Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.:

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

AcuRisQ, which helps you to quantify risk accurately:

Discovery of FlowFixation

The FlowFixation vulnerability was found to be particularly dangerous as it allowed for a session hijack in the AWS Managed Workflows for Apache Airflow.

Amazon Managed Workflows for Apache Airflow console
Amazon Managed Workflows for Apache Airflow console

This could have led to remote code execution (RCE) on the underlying instance and potentially enabled attackers to move laterally to other services within the victim’s cloud environment.

Implications for Cloud Security

The investigation by Tenable Research extended beyond AWS, revealing that numerous shared-parent service domains across other major CSPs, including Azure and Google Cloud Platform (GCP), were also misconfigured.

This widespread issue places cloud customers at considerable risk, highlighting the need for more stringent guardrails and better configuration management practices.

Addressing the Vulnerability

Upon discovery, Tenable Research responsibly disclosed the vulnerability to AWS, which has since been resolved.

However, the incident serves as a wake-up call for organizations relying on cloud services to take a proactive stance on security.

Users must ensure that their cloud configurations are secure and regularly audit their settings to prevent such vulnerabilities from being exploited.

The FlowFixation vulnerability serves as a reminder of the potential risks associated with cloud services.

While CSPs are responsible for the security of the cloud itself, customers must also play their part in securing their data and applications.

As cloud adoption grows, providers and customers must collaborate to strengthen their defenses against increasingly sophisticated cyber threats. 

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Website

Latest articles

Alert! Palo Alto RCE Zero-day Vulnerability Actively Exploited in the Wild

In a recent security bulletin, Palo Alto Networks disclosed a critical vulnerability in its...

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities...

Hackers Employ Deepfake Technology To Impersonate as LastPass CEO

A LastPass employee recently became the target of an attempted fraud involving sophisticated audio...

Sisence Data Breach, CISA Urges To Reset Login Credentials

In response to a recent data breach at Sisense, a provider of data analytics...

DuckDuckGo Launches Privacy Pro: 3-in-1 service With VPN

DuckDuckGo has launched Privacy Pro, a new subscription service that promises to enhance user...

Cyber Attack Surge by 28%:Education Sector at High Risk

In Q1 2024, Check Point Research (CPR) witnessed a notable increase in the average...

Midnight Blizzard’s Microsoft Corporate Email Hack Threatens Federal Agencies: CISA Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive concerning a...
Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles