AWS - Cognito Uendelevu

Reading time: 3 minutes

Cognito

Kwa taarifa zaidi, angalia:

AWS - Cognito Enum

Uendelevu wa watumiaji

Cognito ni huduma inayoruhusu kutoa roles kwa unauthenticated na authenticated users na kudhibiti saraka ya watumiaji. Mipangilio kadhaa inaweza kubadilishwa ili kudumisha uendelevu, kama vile:

• Adding a User Pool controlled by the user to an Identity Pool
• Give an IAM role to an unauthenticated Identity Pool and allow Basic auth flow
• Or to an authenticated Identity Pool if the attacker can login
• Or improve the permissions of the given roles
• Create, verify & privesc via attributes controlled users or new users in a User Pool
• Allowing external Identity Providers to login in a User Pool or in an Identity Pool

Angalia jinsi ya kufanya hatua hizi katika

AWS - Cognito Privesc

cognito-idp:SetRiskConfiguration

Mshambuliaji mwenye ruhusa hii anaweza kubadilisha risk configuration ili aweze kuingia kama mtumiaji wa Cognito bila kusababisha alarms kuzinduliwa. Check out the cli ili kuangalia chaguzi zote:

aws cognito-idp set-risk-configuration --user-pool-id <pool-id> --compromised-credentials-risk-configuration EventFilter=SIGN_UP,Actions={EventAction=NO_ACTION}

Kwa chaguo-msingi hii imezimwa: