Issue With IAM Supporting Multiple MFA Devices
|
System information
|
| |
|
|
Affected software |
AmazonWS |
Description
|
Initial Publication Date: 04/25/2023 10:00AM EST A security researcher recently reported an issue with AWS’s recently-released (November 16th, 2022) support for multiple multi-factor authentication (MFA) devices for IAM user principals. The reported issue could have potentially arisen only when the following three conditions were met: (1) An IAM user had possession of long-term access key (AK)/secret key (SK) credentials, (2) that IAM user had the privilege to add an MFA to their own
More info:
https://aws.amazon.com/security/security-bulletins/AWS-2023-001/ |
Standar resources
|
|
Property |
Value |
|
CVE |
|
