Amazon Cognito Insecure Permissions

medium Web App Scanning Plugin ID 113374

Synopsis

Amazon Cognito Insecure Permissions

Description

Amazon Cognito is a cloud product from Amazon Web Services (AWS) which provides user authentication, authorization and management services for web and mobile applications. By using Amazon Cognito, developers can quickly add a user management feature to their applications, control and enforce permissions on these users by defining roles, or federate identities from external identity providers.

When configured with an identity pool ID, Amazon Cognito allows a remote unauthenticated user to retrieve temporary AWS credentials related to the Cognito role to be used against the target application AWS account. Depending on the permissions attached to the role, an attacker could leverage these credentials to gain access to sensitive information, or perform arbitrary modifications on the other cloud assets of the target AWS account.

Solution

Review the permissions set on the policy used by the Cognito role to ensure that they follow the least privilege principle and do not grant excessive permissions based on the application needs.

See Also

https://aws.amazon.com/cognito/

https://blog.appsecco.com/exploiting-weak-configurations-in-amazon-cognito-in-aws-471ce761963

Plugin Details

Severity: Medium

ID: 113374

Type: remote

Published: 10/5/2022

Updated: 10/5/2022

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 5.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Medium

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: Tenable

Reference Information