CVE-2025-0693

Name of the Vulnerable Software and Affected Versions AWS IAM (affected versions not specified)

Description The issue is related to variable response times in the AWS Sign-in IAM user login flow, which allowed for the use of brute force enumeration techniques to identify valid IAM usernames in an arbitrary AWS account. This technique exploits server response time differences during the login process to determine the presence of a valid username.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.