A VULNERABILITY RELATED to Amazon Web Service’s traffic-routing service known as Application Load Balancer could have been exploited by an attacker to bypass access controls and compromise web applications, according to new research. The flaw stems from a customer implementation issue, meaning it isn’t caused by a software bug. Instead, the exposure was introduced by the way AWS users set up authentication with Application Load Balancer.

Implementation issues are a crucial component of cloud security in the same way that the contents of an armoured safe aren’t protected if the door is left ajar. Researchers from the security firm Miggo found that, depending on how Application Load Balancer authentication was set up, an attacker could potentially manipulate its handoff to a third-party corporate authentication service to access the target web application and view or exfiltrate data.

>> More