Amazon Cognito User Enumeration

medium Web App Scanning Plugin ID 113371

Synopsis

Amazon Cognito User Enumeration

Description

Amazon Cognito is a cloud product from Amazon Web Services (AWS) which provides user authentication, authorization and management services for web and mobile applications. By using Amazon Cognito, developers can quickly add a user management feature to their applications, control and enforce permissions on these users by defining roles, or federate identities from external identity providers. Under certain conditions, Amazon Cognito allows an unauthenticated attacker to infer the existence of the accounts on the target application by abusing the sign-in and sign-up features.

Solution

Sign-in user enumeration can be mitigated by enabling the `Prevent user existence errors` advanced security option on the Cognito user pool used by the application. Amazon does not currently offer a mitigation for the sign-up feature which can be mitigated by adding an AWS lambda handling the registration process with Amazon Cognito at the sign-up stage.

See Also

https://aws.amazon.com/cognito/

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-managing-errors.html

https://github.com/aws-amplify/amplify-js/issues/1183

https://github.com/aws-amplify/amplify-js/issues/6238

Plugin Details

Severity: Medium

ID: 113371

Type: remote

Published: 10/5/2022

Updated: 3/8/2023

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 2.9

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Medium

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: Tenable

Reference Information