- A flaw called whoAMI was found in how Amazon Machine Images are retrieved
- It allows threat actors to gain RCE capabilities on people's AWS accounts
- A fix has been released, but many users still need to update

Amazon Web Services (AWS) users are potentially vulnerable to a name confusion attack called “whoAMI”, experts have warned.
The vulnerability, found in Amazon Machine Image (AMI), was discovered in the summer of 2024 by cybersecurity researchers at Datadog, and has now been confirmed by Amazon, which said it resolved the problem on its side and urged users to update the code on their side and thus protect their premises.
An AMI is a preconfigured template used to create and launch virtual servers (EC2 instances) in AWS. It includes an operating system, application software and necessary configurations such as storage and permissions. AMIs allow users to quickly deploy consistent environments, whether by using images provided by AWS, community AMIs or custom-built AMIs. This makes scaling and managing cloud infrastructure more efficient.
Following the naming pattern
AMIs can be public or private, and once generated, they come with a unique identifier. Public ones can even be found in the AWS catalog. But these public AMIs should also come with the “owners” attribute, to confirm that they come from a trusted source.
Now, the researchers have found that the way software projects retrieve AMI identifiers was flawed and allowed threat actors to gain remote code execution (RCE) capabilities in people's AWS accounts.
Technical details on how the vulnerability works and how it could be used can be found at this link. In short, if a threat actor publishes an AMI with a name that follows the format used by trusted owners, it can be picked up by mistake.
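
The name confusion described above can be reproduced offline. The following is an added example, not code from the article, Datadog or AWS: it models an image lookup by name pattern with and without an owners filter, and assumes the lookup returns the newest match. Every image ID, name, account number and date is constructed, and `find_ami` and `audit_lookup` are hypothetical helpers.

```python
from fnmatch import fnmatch

# Constructed sample catalog: every ID, name, owner and date here is made up.
TRUSTED_OWNER = "111111111111"  # hypothetical account of the publisher you trust
CATALOG = [
    {"id": "ami-aaaa1111", "name": "example-linux-2024.08-x86_64",
     "owner": TRUSTED_OWNER, "created": "2024-08-01"},
    {"id": "ami-aaaa2222", "name": "example-linux-2024.09-x86_64",
     "owner": TRUSTED_OWNER, "created": "2024-09-01"},
    # Public image from an unvetted account whose name follows the same format.
    {"id": "ami-ffff9999", "name": "example-linux-2024.10-x86_64",
     "owner": "999999999999", "created": "2024-09-15"},
]


def find_ami(catalog, name_pattern, owners=None):
    """Return the ID of the newest image whose name matches name_pattern.

    owners=None models a lookup made without the owners attribute.
    Assumption: the caller always takes the most recently created match.
    """
    matches = [img for img in catalog if fnmatch(img["name"], name_pattern)]
    if owners is not None:
        matches = [img for img in matches if img["owner"] in owners]
    if not matches:
        return None
    # ISO dates sort correctly as strings.
    return max(matches, key=lambda img: img["created"])["id"]


def audit_lookup(catalog, name_pattern, owners=None):
    """Report a lookup whose result could come from an account nobody vetted."""
    if owners is not None:
        return []
    seen = {img["owner"] for img in catalog if fnmatch(img["name"], name_pattern)}
    return [f"lookup {name_pattern!r} has no owners filter; "
            f"matching images come from accounts: {sorted(seen)}"]


if __name__ == "__main__":
    pattern = "example-linux-*-x86_64"
    print("without owners:", find_ami(CATALOG, pattern))
    print("with owners:   ", find_ami(CATALOG, pattern, owners=[TRUSTED_OWNER]))
    for finding in audit_lookup(CATALOG, pattern):
        print("finding:", finding)
```

Without the owners filter the lookup resolves to the look-alike image; with it, the result stays within the trusted account.
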
When Datadog first discovered the flaw, it said that overall, a very small percentage of AWS users is vulnerable, but that this still amounts to “thousands” of AWS accounts. Amazon responded by issuing a fix in mid-September last year and by releasing a new security control called “Allowed AMIs” in early December last year.
It also advised all users to apply the fixes, while stressing that there was no evidence of abuse in the wild.
Via BleepingComputer




