AWS IAM was used extensively by Stedi to enforce role-based access control for customers. A vulnerability was discovered in AWS STS where role trust policy statements were evaluated incorrectly, allowing unauthorized access to AWS accounts. Stedi shared their discovery process and collaboration with AWS, highlighting the importance of rigorous testing and communication with service providers.
Share with your friends and followers
Start blogging about your favorite technologies, reach more readers and earn rewards!
Join other developers and claim your FAUN account now!
Only registered users can post comments. Please, login or signup.