#awsconsole — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #awsconsole, aggregated by home.social.
-
Supply Chain Vuln Compromised Core AWS GitHub Repos & Threatened the AWS Console
https://www.wiz.io/blog/wiz-research-codebreach-vulnerability-aws-codebuild
#HackerNews #SupplyChainVulnerability #AWS #GitHub #Repos #AWSConsole #CyberSecurity #CloudSecurity
-
TIL, there's a hard-coded client_id in the #AWS #awsconsole for what I suspect is an AWS-managed account that handles OAuth 2.0 for root/some login types.
The client_id, depending on the service that it first redirects to, looks like this: arn:aws:iam:015428540659:user/s3
Another service that I've noticed is phd-console (which I think is the AWS Health Dashboard).
So in this pattern it looks like your secret access key is treated as the client secret in an authorization code flow.
The code/access token returned by AWS is an opaque encrypted JWT.