PT-2018-11792 · Aws · Cloudtoken Daemon

Publicado

2018-08-10

·

Atualizado

2022-05-13

·

CVE-2018-13390

CVSS v3.1

6.1

Média

VetorAV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions cloudtoken daemon versions 0.1.1 through 0.1.23
Description The issue allows unauthenticated access to the cloudtoken daemon on Linux systems via the network, enabling attackers on the same subnet to obtain temporary AWS credentials for the users' roles.
Recommendations For cloudtoken daemon versions 0.1.1 through 0.1.23, update to version 0.1.24 or later to resolve the issue.

Correção

Insufficiently Protected Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522

Identificadores relacionados

CVE-2018-13390
GHSA-4FPG-J5MP-783G
PYSEC-2018-1

Produtos afetados

Cloudtoken Daemon