Saturday 26 November 2011

Researchers uncover AWS security vulnerabilities

Marcia Savage, Site Editor

German researchers have published a report on security flaws in Amazon Web Services that they said could give an attacker access to a user's account and information.

The researchers, from Ruhr-University Bochum, said the AWS security vulnerabilities lie in the two main authentication mechanisms used by the Amazon EC2 control interface. The interface is prone to “several new and classical variants of signature wrapping,” and a single signed SOAP message could allow an attacker to compromise a customer's account, they wrote in the report. The problem, they said, is that it is possible to generate arbitrary SOAP messages accepted by the interface from only one valid signature.
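The signature-wrapping weakness described above, as an added example that is not code from the researchers, from AWS or from this page: a toy SOAP verifier that resolves the signed element by its Id anywhere in the envelope (the pattern that lets one valid signature vouch for a different Body) beside a hardened verifier that additionally requires the Id to be unique and the signed element to be the very soap:Body it executes. The namespaces are the standard SOAP, XML-Signature and WS-Security utility ones; the operation names, the Id value and the wrapper element are constructed for the test input, and a SHA-256 digest over the canonicalised subtree stands in for full XML-Signature verification.

```python
import hashlib
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
for prefix, uri in (("soap", SOAP), ("ds", DS), ("wsu", WSU)):
    ET.register_namespace(prefix, uri)


def c14n_digest(elem):
    """Hex SHA-256 over a canonical (C14N 2.0, stdlib) serialisation of one
    element subtree. Stands in for the digest a real <ds:DigestValue> carries."""
    raw = ET.tostring(elem, encoding="unicode")
    return hashlib.sha256(ET.canonicalize(raw).encode()).hexdigest()


def build_signed_request(operation, body_id="Body-1"):
    """Constructed envelope: a Header holding a Signature whose Reference
    points at the Body by wsu:Id, and a Body carrying one operation."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    body = ET.SubElement(env, f"{{{SOAP}}}Body", {f"{{{WSU}}}Id": body_id})
    ET.SubElement(body, operation)
    sig = ET.SubElement(header, f"{{{DS}}}Signature")
    ref = ET.SubElement(sig, f"{{{DS}}}Reference", {"URI": "#" + body_id})
    ET.SubElement(ref, f"{{{DS}}}DigestValue").text = c14n_digest(body)
    return env


def wrapped_test_vector(env, injected_operation):
    """Constructed test input showing what a wrapped envelope looks like: the
    signed Body is moved into a wrapper under the Header (its subtree, and so
    its digest, is unchanged) and an unsigned Body with a different operation
    takes its place. The hypothetical <Wrapper> element is ours."""
    header = env.find(f"{{{SOAP}}}Header")
    body = env.find(f"{{{SOAP}}}Body")
    env.remove(body)
    ET.SubElement(header, "Wrapper").append(body)
    ET.SubElement(env, f"{{{SOAP}}}Body").append(ET.Element(injected_operation))
    return env


def dispatch_naive(env):
    """Weak verifier: finds the referenced Id anywhere in the document, checks
    its digest, then executes whatever the direct-child soap:Body contains."""
    ref = env.find(f".//{{{DS}}}Reference")
    wanted = ref.get("URI")[1:]
    signed = next(e for e in env.iter() if e.get(f"{{{WSU}}}Id") == wanted)
    if c14n_digest(signed) != ref.findtext(f"{{{DS}}}DigestValue"):
        raise ValueError("digest mismatch")
    body = env.find(f"{{{SOAP}}}Body")
    return body[0].tag  # the operation that would be executed


def dispatch_hardened(env):
    """Hardened verifier: the Id must be unique, the element it names must be
    the executed soap:Body itself, and only then is the digest compared."""
    ref = env.find(f".//{{{DS}}}Reference")
    wanted = ref.get("URI")[1:]
    matches = [e for e in env.iter() if e.get(f"{{{WSU}}}Id") == wanted]
    if len(matches) != 1:
        raise ValueError("referenced Id is missing or not unique")
    body = env.find(f"{{{SOAP}}}Body")
    if matches[0] is not body:
        raise ValueError("signature does not cover the soap:Body being executed")
    if c14n_digest(body) != ref.findtext(f"{{{DS}}}DigestValue"):
        raise ValueError("digest mismatch")
    return body[0].tag


def accepts(verifier, env):
    """True if the verifier would execute the envelope, False if it rejects it."""
    try:
        verifier(env)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    good = build_signed_request("ListMachines")
    print("naive:", dispatch_naive(good), "hardened:", dispatch_hardened(good))
    bad = wrapped_test_vector(build_signed_request("ListMachines"), "StopMachine")
    print("naive executes:", dispatch_naive(bad))
    print("hardened accepts:", accepts(dispatch_hardened, bad))
```

The digest check is identical in both verifiers; what differs is that the hardened one ties the signed element to the element that is actually dispatched, which is the binding a reference-by-Id lookup alone never establishes. Production code would also verify the signature value and the certificate chain, and would reject any envelope with more than one soap:Body or duplicate Ids at the parser level rather than after the fact.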

“To make things worse, in a single attack variant, knowledge of the (public) X.509 certificate alone enabled a successful execution of an arbitrary cloud control operation on behalf of the certificate owner,” they said. “Those included actions corresponding to starting or stopping virtual machines, downloading or uploading virtual machine images, resetting the administrator's password for cloud instances, etc.”

The AWS Web interface is also at risk of cross-site scripting (XSS) attacks, the researchers said.

The research highlights how the complexity of cloud computing systems “creates a big seedbed” of potential vulnerabilities, they said: “Hence, cloud control interfaces are in all likelihood going to become one of the attractive targets for organized crime in the near future.”

According to the researchers, identical XSS and SOAP parsing vulnerabilities exist in Eucalyptus, a private cloud platform. They said they reported the flaws to both vendors, which worked with them on fixes.

In an email statement, an Amazon spokesperson said the vulnerabilities were fixed months ago and no customers were impacted. “It's important to notice this potential vulnerability involved a really small percentage of all authenticated AWS API calls that use non-SSL endpoints and was not a potentially widespread vulnerability as was reported,” the spokesperson said.

In addition, customers implementing AWS security best practices were not at risk from the vulnerabilities, she added. AWS published a summary of the reported vulnerabilities alongside a reminder of AWS security best practices.

“Regarding Amazon specifically, researchers didn't have access to all Amazon.com customer data as has been reported. The process in which Amazon.com stores customer data doesn't enable researchers to look at and expose information consisting of passwords or payment information as was suggested,” according to the AWS spokesperson. “Additionally, the prospective vulnerability reported by these researchers would require customers to intentionally follow a particular script and take various specific actions that were created by the researchers.”
