Tuesday, November 12, 2024
HomeAmazon AWSOne-Click AWS Vulnerability Let Attackers Takeover User's Web Management Panel

One-Click AWS Vulnerability Let Attackers Takeover User’s Web Management Panel

Published on

Malware protection

Tenable Research has identified a critical vulnerability within the AWS Managed Workflows for Apache Airflow (MWAA) service, which they have named “FlowFixation.”

This vulnerability could have permitted attackers to execute a one-click takeover of a user’s web management panel for their Airflow instance.

The discovery underscores the ongoing issue of misconfigured shared-parent domains, a problem that poses a significant threat to customers of major cloud service providers (CSPs).

- Advertisement - SIEM as a Service
Each MWAA instance is attached to a web panel for managing workflows, connections, DAGS and more
Each MWAA instance is attached to a web panel for managing workflows, connections, DAGS and more
Document

Free Webinar : Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.:

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

AcuRisQ, which helps you to quantify risk accurately:

Discovery of FlowFixation

The FlowFixation vulnerability was found to be particularly dangerous as it allowed for a session hijack in the AWS Managed Workflows for Apache Airflow.

Amazon Managed Workflows for Apache Airflow console
Amazon Managed Workflows for Apache Airflow console

This could have led to remote code execution (RCE) on the underlying instance and potentially enabled attackers to move laterally to other services within the victim’s cloud environment.

Implications for Cloud Security

The investigation by Tenable Research extended beyond AWS, revealing that numerous shared-parent service domains across other major CSPs, including Azure and Google Cloud Platform (GCP), were also misconfigured.

This widespread issue places cloud customers at considerable risk, highlighting the need for more stringent guardrails and better configuration management practices.

Addressing the Vulnerability

Upon discovery, Tenable Research responsibly disclosed the vulnerability to AWS, which has since been resolved.

However, the incident serves as a wake-up call for organizations relying on cloud services to take a proactive stance on security.

Users must ensure that their cloud configurations are secure and regularly audit their settings to prevent such vulnerabilities from being exploited.

The FlowFixation vulnerability serves as a reminder of the potential risks associated with cloud services.

While CSPs are responsible for the security of the cloud itself, customers must also play their part in securing their data and applications.

As cloud adoption grows, providers and customers must collaborate to strengthen their defenses against increasingly sophisticated cyber threats. 

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and...

Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace

Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS...

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Tor Network Suffers IP Spoofing Attack Via Non-Exit Relays

In late October 2024, a coordinated IP spoofing attack targeted the Tor network, prompting...