AWS S3 Takeover

Severity: High
Test name: AWS S3 Takeover
Test ID: amazon_s3_takeover
Summary

The target application contains a reference to an S3 bucket that no longer exists. An attacker can register a new S3 bucket under the target's original S3 bucket name. The target application would use the new S3 bucket which is under the attacker's control. An attacker can populate the S3 bucket with malicious content or intercept legitimate traffic intended for the S3 bucket, potentially leading to data theft or other malicious activities.

Impact

This vulnerability causes the following consequences:

  • Data breaches
  • Malware distribution
  • Negatively impact on the company reputation
Location

The issue can be found in the source code on the response body, and subdomains using S3 buckets.

Remedy suggestions
  • Remove unused S3 buckets reference URLs from code
Classifications
  • CWE-284
  • CVCC:CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
References