Monday, July 15, 2024

One-Click AWS Vulnerability Let Attackers Takeover User’s Web Management Panel

Tenable Research has identified a critical vulnerability within the AWS Managed Workflows for Apache Airflow (MWAA) service, which they have named “FlowFixation.”

This vulnerability could have permitted attackers to execute a one-click takeover of a user’s web management panel for their Airflow instance.

The discovery underscores the ongoing issue of misconfigured shared-parent domains, a problem that poses a significant threat to customers of major cloud service providers (CSPs).

Each MWAA instance is attached to a web panel for managing workflows, connections, DAGS and more
Each MWAA instance is attached to a web panel for managing workflows, connections, DAGS and more

Free Webinar : Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.:

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

AcuRisQ, which helps you to quantify risk accurately:

Discovery of FlowFixation

The FlowFixation vulnerability was found to be particularly dangerous as it allowed for a session hijack in the AWS Managed Workflows for Apache Airflow.

Amazon Managed Workflows for Apache Airflow console
Amazon Managed Workflows for Apache Airflow console

This could have led to remote code execution (RCE) on the underlying instance and potentially enabled attackers to move laterally to other services within the victim’s cloud environment.

Implications for Cloud Security

The investigation by Tenable Research extended beyond AWS, revealing that numerous shared-parent service domains across other major CSPs, including Azure and Google Cloud Platform (GCP), were also misconfigured.

This widespread issue places cloud customers at considerable risk, highlighting the need for more stringent guardrails and better configuration management practices.

Addressing the Vulnerability

Upon discovery, Tenable Research responsibly disclosed the vulnerability to AWS, which has since been resolved.

However, the incident serves as a wake-up call for organizations relying on cloud services to take a proactive stance on security.

Users must ensure that their cloud configurations are secure and regularly audit their settings to prevent such vulnerabilities from being exploited.

The FlowFixation vulnerability serves as a reminder of the potential risks associated with cloud services.

While CSPs are responsible for the security of the cloud itself, customers must also play their part in securing their data and applications.

As cloud adoption grows, providers and customers must collaborate to strengthen their defenses against increasingly sophisticated cyber threats. 

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.


Latest articles

Critical Cellopoint Secure Email Gateway Flaw Let Attackers Execute Arbitrary Code

A critical vulnerability has been discovered in the Cellopoint Secure Email Gateway, identified as...

Singapore Banks to Phase out OTPs for Bank Account Logins Within 3 Months

The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS)...

GuardZoo Android Malware Attacking military personnel via WhatsApp To Steal Sensitive Data

A Houthi-aligned group has been deploying Android surveillanceware called GuardZoo since October 2019 to...

ViperSoftX Weaponizing AutoIt & CLR For Stealthy PowerShell Execution

ViperSoftX is an advanced malware that has become more complicated since its recognition in...

Malicious NuGet Campaign Tricking Developers To Inject Malicious Code

Hackers often target NuGet as it's a popular package manager for .NET, which developers...

Akira Ransomware Attacking Airline Industry With Legitimate Tools

Airlines often become the target of hackers as they contain sensitive personal and financial...

DarkGate Malware Exploiting Excel Files And SMB File Shares

DarkGate, a Malware-as-a-Service (MaaS) platform, experienced a surge in activity since September 2023, employing...
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles