|
|
|
|
|
|
by gurchik
1413 days ago
|
|
|
> a former AWS engineer who abused her access Nowhere in the criminal complaint[1] does it say this happened. Instead it says that Paige wrote a script that scanned web application firewalls (WAFs) for a specific vulnerability. Anyone could have done this. The problem was only possible because after abusing the vulnerability Paige discovered that the IAM Role used by the WAF was granted permissions it shouldn't have. 1. https://www.justice.gov/usao-wdwa/press-release/file/1188626... |
|
|