logo
welcome
About us
Newsletter
News Widget
Media Inquiries

Summary

AWS Application Load Balancer Vulnerability

This is a Miggo news story, published by Wired, that relates primarily to Amazon Web Service's news.

Miggo news

For more Miggo news, you can click here:

more Miggo news

software applications news

For more software applications news, you can click here:

more software applications news

Wired news

For more news from Wired, you can click here:

more news from Wired

About the Otherweb

Otherweb, Inc is a public benefit corporation, dedicated to improving the quality of news people consume. We are non-partisan, junk-free, and ad-free. We use artificial intelligence (AI) to remove junk from your news feed, and allow you to select the best tech news, business news, entertainment news, and much more. If you like software applications news, you might also like this article about

AWS disputes

. We are dedicated to bringing you the highest-quality news, junk-free and ad-free, about your favorite topics. Please come every day to read the latest AWS customers news, Amazon Web Services news, software applications news, and other high-quality news about any topic that interests you. We are working hard to create the best news aggregator on the web, and to put you in control of your news feed - whether you choose to read the latest news through our website, our news app, or our daily newsletter - all free!

AWS Application Load Balancer
Wired

Wired

An AWS Configuration Issue Could Expose Thousands of Web Apps

Wired
Summary
Nutrition label

81% Informative

A vulnerability related to Amazon Web Service's traffic-routing service could have been exploited by an attacker to bypass access controls and compromise web applications.

The flaw stems from a customer implementation issue, meaning it isn't caused by a software bug.

Researchers from the security firm Miggo found that, depending on how Application Load Balancer authentication was set up, an attacker could potentially manipulate its handoff to a third -party corporate authentication service to access the target web application and view or exfiltrate data.

VR Score

76

Informative language

70

Neutral language

86

Article tone

informal

Language

English

Language complexity

72

Offensive language

not offensive

Hate speech

not hateful

Attention-grabbing headline

not detected

Known propaganda techniques

not detected

Time-value

medium-lived

External references

6

https://miggo.webflow.io/resources/albeast-technical-overviewhttps://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.htmlhttps://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html#user-claims-encodinghttps://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-register-targets.html#target-security-groupshttps://aws.amazon.com/blogs/networking-and-content-delivery/security-best-practices-when-using-alb-authentication/https://aws.amazon.com/compliance/shared-responsibility-model/

Source diversity

3

miggo.webflow.iodocs.aws.amazon.comaws.amazon.com

Affiliate links

no affiliate links

Read full article