Home Latest Cyber Security News | Network Security Hacking Authentication Bypass Bug Found In AWS IAM Authenticator for Kubernetes
Latest Cyber Security News | Network Security HackingNewsVulnerabilities

Authentication Bypass Bug Found In AWS IAM Authenticator for Kubernetes

by Abeerah Hashim
written by Abeerah Hashim
Palo Alto Networks Pan-OS zero-day vulnerability under active attack

A severe security bug existed in the AWS IAM Authenticator for Kubernetes. Exploiting this vulnerability could allow an adversary to gain elevated privileges on target Kubernetes clusters. Also, an attacker could impersonate other users. Thankfully, the bug received a fix before exploitation in the wild.

AWS IAM Authenticator for Kubernetes Bug

As elaborated in a recent blog post, the security researcher Gafnit Amiga from Lightspin found a severe authentication bypass bug in AWS IAM Authenticator for Kubernetes.

IAM Authenticator is a dedicated authenticator that Amazon Elastic Kubernetes Service (Amazon EKS) uses to provide authentication to the Kubernetes cluster. This IAM authenticator is located inside the cluster’s control and authenticates users via IAM identities like users and roles.

The researcher analyzed this component and found several vulnerabilities that could allow authentication bypass. The bugs negated any protection against replay attacks. Also, they enabled the adversary to gain elevated privileges to the target cluster.

This vulnerability has received the CVE ID CVE-2022-2385 and a high severity rating. According to the vulnerability description, this bug affects users using the AccessKeyID template parameter to construct usernames and provide subsequent user accesses. It existed in AWS IAM authenticator versions v0.5.2 – v0.5.8. Details about the technical aspects of this vulnerability are available in the researcher’s post.

AWS Fixed The Bug

Following this bug discovery, the researcher highlighted the matter to the AWS security team in May 2022. In response, the EKS team started working on developing a fix that they eventually shared with the researcher for testing on June 10, 2022. The researcher then validated the fix, enabling the vendors to deploy the patch with updated releases. Finally, the patch arrived with AWS IAM authenticator v0.5.9.

Since the fix is out, all users must ensure updating to the latest version to receive the patch and avoid potential exploits. In the cases where applying the update is not possible, the vendors recommend not using the {{AccessKeyID}} template value parameter for constructing usernames as a mitigation strategy.

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...

LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites

OWASP Disclosed Data Breach Affecting Old Members

Center Identity Launches Patented Passwordless Authentication for Businesses