WRITEUP #1172

From GitHub To Account Takeover: Misconfigured Actions Place GCP & AWS Accounts At Risk

Tags: Auth Bypass, Account takeover, Cloud, OIDC, CI/CD
By: Rezonate
Program: -
Published: May 16, 2023
Added to HackDex: May 22, 2023
Read Full Writeup: https://www.rezonate.io/blog/github-misconfigurations-put-gcp-aws-in-account-takeover-risk/
RELATED WRITEUPS
Interesting Story of an Account Takeover Vulnerability
Tags: Auth Bypass, Account takeover
Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center
Tags: Auth Bypass, 2FA / MFA bypass
Forced SSO Session Fixation
Tags: Auth Bypass, SSO
Addressed AWS defaults risks: OIDC, Terraform and Anonymous to AdministratorAccess
Tags: Cloud, OIDC
Account takeover on 8 years old public program
Tags: Auth Bypass, Account takeover

Built with ❤️ by Shubham Rawat