A extreme safety bug existed within the AWS IAM Authenticator for Kubernetes. Exploiting this vulnerability might enable an adversary to realize elevated privileges on track Kubernetes clusters. Additionally, an attacker might impersonate different customers. Fortunately, the bug obtained a repair earlier than exploitation within the wild.
AWS IAM Authenticator for Kubernetes Bug
As elaborated in a latest blog post, the safety researcher Gafnit Amiga from Lightspin discovered a extreme authentication bypass bug in AWS IAM Authenticator for Kubernetes.
IAM Authenticator is a devoted authenticator that Amazon Elastic Kubernetes Service (Amazon EKS) makes use of to supply authentication to the Kubernetes cluster. This IAM authenticator is positioned contained in the cluster’s management and authenticates customers by way of IAM identities like customers and roles.
The researcher analyzed this part and located a number of vulnerabilities that might enable authentication bypass. The bugs negated any safety in opposition to replay assaults. Additionally, they enabled the adversary to realize elevated privileges to the goal cluster.
This vulnerability has obtained the CVE ID CVE-2022-2385 and a excessive severity ranking. In line with the vulnerability description, this bug impacts customers utilizing the AccessKeyID template parameter to assemble usernames and supply subsequent consumer accesses. It existed in AWS IAM authenticator variations v0.5.2 – v0.5.8. Particulars in regards to the technical facets of this vulnerability can be found within the researcher’s publish.
AWS Mounted The Bug
Following this bug discovery, the researcher highlighted the matter to the AWS safety group in Might 2022. In response, the EKS group began engaged on creating a repair that they finally shared with the researcher for testing on June 10, 2022. The researcher then validated the repair, enabling the distributors to deploy the patch with up to date releases. Lastly, the patch arrived with AWS IAM authenticator v0.5.9.
Because the repair is out, all customers should guarantee updating to the newest model to obtain the patch and keep away from potential exploits. Within the instances the place making use of the replace isn’t doable, the distributors advocate not utilizing the {{AccessKeyID}} template worth parameter for setting up usernames as a mitigation technique.
Tell us your ideas within the feedback.