
A security research team discovered two AWS IAM username enumeration vulnerabilities in the AWS Web Console. One, tracked as CVE-2025-0693, was a timing attack: the console took measurably longer to respond to login attempts for existing usernames than for non-existent ones, so an attacker could distinguish valid from invalid usernames by measuring server response time. The other lay in the MFA user login flow. The research team reported both issues to AWS, which patched the timing attack but classified the MFA issue as an accepted risk. The article also explains how to log and detect attempts to exploit these weaknesses and gives recommendations for preventing authentication timing attacks. It promotes the company that performed the research and invites listeners to contact them with topic suggestions for the podcast.
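The timing difference described above, and the standard mitigation for it, as an added example that is not code from the article, the podcast or AWS. The user store, usernames and passwords below are constructed for the demonstration; the leaky function returns early for unknown usernames so it skips the expensive password hashing step, while the hardened function runs the same PBKDF2 work against a decoy record and uses a constant-time comparison, so both paths take about the same time and the result is the same for a wrong password and an unknown user.

```python
import hashlib
import hmac
import os
import secrets
import time

# PBKDF2 work factor; high enough that the skipped-hash timing gap is obvious.
_ITERATIONS = 50_000


def _derive(password: str, salt: bytes) -> bytes:
    """Derive a password hash with PBKDF2-HMAC-SHA256 (deliberately slow)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)


def make_user_store(users: dict) -> dict:
    """Build a constructed store: username -> (salt, hash). Not a real system."""
    store = {}
    for name, password in users.items():
        salt = os.urandom(16)
        store[name] = (salt, _derive(password, salt))
    return store


# Decoy record hashed for unknown usernames so the slow path always executes.
_DECOY_SALT = os.urandom(16)
_DECOY_HASH = _derive(secrets.token_hex(16), _DECOY_SALT)


def login_leaky(store: dict, username: str, password: str) -> bool:
    """Vulnerable pattern: unknown users return before any hashing is done,
    so a failed login for a real user is much slower than for a fake one."""
    record = store.get(username)
    if record is None:
        return False
    salt, expected = record
    return _derive(password, salt) == expected  # also a non-constant-time compare


def login_hardened(store: dict, username: str, password: str) -> bool:
    """Mitigated pattern: always derive a hash (decoy for unknown users) and
    compare in constant time; only succeed when the user exists AND matches."""
    record = store.get(username)
    known = record is not None
    salt, expected = record if known else (_DECOY_SALT, _DECOY_HASH)
    match = hmac.compare_digest(_derive(password, salt), expected)
    return known and match


def time_call(fn, *args, runs: int = 5) -> float:
    """Best-of-N wall-clock time for one call, in seconds (min reduces noise)."""
    best = float("inf")
    for _ in range(runs):
        start = time.perf_counter()
        fn(*args)
        best = min(best, time.perf_counter() - start)
    return best


def timing_gap(login_fn, store: dict) -> float:
    """Ratio of failed-login time for a real user vs. a fake user.
    Near 1.0 means no enumeration signal; large values mean a leak."""
    real = time_call(login_fn, store, "alice", "wrong-password")
    fake = time_call(login_fn, store, "no-such-user", "wrong-password")
    return real / fake


if __name__ == "__main__":
    users = make_user_store({"alice": "correct horse battery staple"})
    print("leaky ratio    :", round(timing_gap(login_leaky, users), 1))
    print("hardened ratio :", round(timing_gap(login_hardened, users), 2))
```

Run it and the leaky ratio is typically in the thousands (microseconds versus tens of milliseconds), while the hardened ratio hovers around 1. The same rule applies to any other branch that depends on whether the username exists, including which MFA prompt is shown: every step an attacker can time or observe has to be identical for known and unknown users.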