AWS IAM User Enumeration Vulnerabilities: CVE-2025-0693 and Security Implications
Blog post from SSOJet
Rhino Security Labs disclosed two username enumeration weaknesses in AWS Identity and Access Management (IAM), both of which fall on AWS's side of the Shared Responsibility Model. The first affects IAM users with Multi-Factor Authentication (MFA) enabled: the console login flow behaves differently for valid and invalid usernames, so an attacker can tell which usernames exist from that behavior alone. The second, tracked as CVE-2025-0693, affects single-factor logins: the time taken to reject an attempt differed between valid and invalid usernames, letting an attacker infer valid names from the delay. AWS has patched the timing issue by returning responses with a uniform delay.

Neither attack requires sophisticated tooling; the login endpoint itself acts as an oracle for which usernames exist, and a confirmed username list is the usual starting point for password spraying and targeted phishing. That is a surprising gap for a provider of AWS's scale. Organizations should still enable MFA on every IAM user and monitor AWS CloudTrail for bursts of failed ConsoleLogin events from a single source, the pattern an enumeration attempt leaves behind.

Comprehensive authentication management solutions, such as those offered by SSOJet, can add further protection by integrating with existing protocols and providing features like Single Sign-On and Multi-Factor Authentication. Understanding these vulnerabilities and adopting robust authentication practices is essential for organizations running on AWS infrastructure.
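The CloudTrail monitoring the post recommends can be reduced to a small detection: group failed ConsoleLogin events by source IP and flag any source that fails many times against several different usernames inside a short window. The script below is an added example written for this page, not code from SSOJet, Rhino Security Labs or AWS. The log records are constructed samples that follow the documented ConsoleLogin event shape (eventName, sourceIPAddress, userIdentity.userName, responseElements.ConsoleLogin, additionalEventData.MFAUsed); the thresholds (10-minute window, 5 failures, 3 distinct usernames) are assumptions to tune for your environment.

```python
"""Flag source IPs whose failed ConsoleLogin events look like IAM username enumeration."""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

UNKNOWN_USER = "HIDDEN_DUE_TO_SECURITY_REASONS"  # CloudTrail masks nonexistent usernames this way


def _login(ts, ip, user, outcome, mfa="No"):
    """Build one constructed CloudTrail ConsoleLogin record as a JSON line (sample data, not real)."""
    rec = {
        "eventVersion": "1.08",
        "eventTime": ts,
        "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin",
        "sourceIPAddress": ip,
        "userIdentity": {"type": "IAMUser", "userName": user},
        "responseElements": {"ConsoleLogin": outcome},
        "additionalEventData": {"MFAUsed": mfa},
    }
    if outcome == "Failure":
        rec["errorMessage"] = "Failed authentication"
    return json.dumps(rec)


# Constructed sample: one source cycling through guessed names, one user who mistyped a password.
SAMPLE_LOG_LINES = [
    _login("2025-01-15T10:00:01Z", "203.0.113.10", UNKNOWN_USER, "Failure"),
    _login("2025-01-15T10:00:09Z", "203.0.113.10", UNKNOWN_USER, "Failure"),
    _login("2025-01-15T10:00:17Z", "203.0.113.10", "admin", "Failure"),
    _login("2025-01-15T10:00:25Z", "203.0.113.10", UNKNOWN_USER, "Failure"),
    _login("2025-01-15T10:00:33Z", "203.0.113.10", "deploy", "Failure"),
    _login("2025-01-15T10:00:41Z", "203.0.113.10", "backup", "Failure"),
    _login("2025-01-15T10:05:00Z", "198.51.100.7", "alice", "Failure"),
    _login("2025-01-15T10:05:20Z", "198.51.100.7", "alice", "Success", mfa="Yes"),
]


def parse_console_logins(lines):
    """Parse JSON log lines and keep only ConsoleLogin events as small dicts."""
    events = []
    for line in lines:
        rec = json.loads(line)
        if rec.get("eventName") != "ConsoleLogin":
            continue
        events.append({
            "time": datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "ip": rec.get("sourceIPAddress", ""),
            "user": rec.get("userIdentity", {}).get("userName", ""),
            "ok": rec.get("responseElements", {}).get("ConsoleLogin") == "Success",
            "mfa": rec.get("additionalEventData", {}).get("MFAUsed") == "Yes",
        })
    return events


def find_enumeration(events, window=timedelta(minutes=10), min_failures=5, min_distinct_users=3):
    """Sliding window over each source IP's failures; returns {ip: finding} for suspicious sources.

    A source is flagged when, inside `window`, it has at least `min_failures` failed logins and
    either tried `min_distinct_users` different names or hit unknown (masked) names twice.
    """
    failures = defaultdict(list)
    for e in sorted(events, key=lambda e: e["time"]):
        if not e["ok"]:
            failures[e["ip"]].append(e)

    findings = {}
    for ip, evs in failures.items():
        best, start = None, 0
        for end in range(len(evs)):
            while evs[end]["time"] - evs[start]["time"] > window:  # slide window start forward
                start += 1
            span = evs[start:end + 1]
            names = {e["user"] for e in span}
            unknown = sum(1 for e in span if e["user"] == UNKNOWN_USER)
            suspicious = len(span) >= min_failures and (len(names) >= min_distinct_users or unknown >= 2)
            if suspicious and (best is None or len(span) > best["failures"]):
                best = {"failures": len(span), "distinct_users": len(names),
                        "unknown_user_failures": unknown,
                        "first": span[0]["time"], "last": span[-1]["time"]}
        if best:
            findings[ip] = best
    return findings


if __name__ == "__main__":
    for ip, f in find_enumeration(parse_console_logins(SAMPLE_LOG_LINES)).items():
        print(f"{ip}: {f['failures']} failed logins, {f['distinct_users']} usernames, "
              f"{f['unknown_user_failures']} against unknown users, "
              f"{f['first']:%H:%M:%S}-{f['last']:%H:%M:%S} UTC")
```

In production the input would be the CloudTrail JSON delivered to S3 or a CloudWatch Logs subscription rather than an inline list, and the same query is easy to express in Athena or CloudWatch Logs Insights; the point of the masked-username check is that a real user mistyping a password fails under their own name, whereas an enumeration run mostly fails against names the account does not have. Note that a successful enumeration leaves no failures for the names the attacker confirmed, so the signal is the noise around them, not the hits.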