AWS Signature Version 4 signatures are meant to be valid only for a limited time window, but Keystone did not enforce this restriction. An attacker who captured a single auth header could reuse it and potentially maintain access indefinitely.
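The kind of freshness check whose absence is described above, as an added example (this is not Keystone's code). The function names, the 15-minute window and the credential-scope argument are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumed window for illustration; make it configurable in a real service.
MAX_AGE = timedelta(minutes=15)
AMZ_DATE_FORMAT = "%Y%m%dT%H%M%SZ"  # e.g. 20200506T120000Z


def parse_amz_date(value):
    """Return an aware UTC datetime for an X-Amz-Date value, or None."""
    # The fixed length rejects values strptime would otherwise accept leniently.
    if not isinstance(value, str) or len(value) != 16:
        return None
    try:
        parsed = datetime.strptime(value, AMZ_DATE_FORMAT)
    except ValueError:
        return None
    return parsed.replace(tzinfo=timezone.utc)


def check_freshness(amz_date, credential_scope, now=None, max_age=MAX_AGE):
    """Return (ok, reason) for the timestamp carried by a SigV4 request.

    amz_date must be the value covered by the signature, and this check
    only has meaning together with verification of the signature itself.
    credential_scope is the part after the access key id, for example
    "20200506/us-east-1/s3/aws4_request".
    """
    now = now or datetime.now(timezone.utc)
    signed_at = parse_amz_date(amz_date)
    if signed_at is None:
        return False, "missing or malformed timestamp"
    # The scope date and the request timestamp must name the same day.
    scope_date = credential_scope.split("/", 1)[0] if credential_scope else ""
    if scope_date != signed_at.strftime("%Y%m%d"):
        return False, "credential scope date does not match timestamp"
    # Reject both stale headers (replay) and timestamps far in the future.
    if abs(now - signed_at) > max_age:
        return False, "timestamp outside allowed window"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample values, not taken from any real request.
    fixed_now = datetime(2020, 5, 6, 12, 10, 0, tzinfo=timezone.utc)
    scope = "20200506/us-east-1/s3/aws4_request"
    for stamp in ("20200506T120000Z", "20200506T114000Z", "not-a-date"):
        print(stamp, check_freshness(stamp, scope, now=fixed_now))
```

Without a check like this, a captured header stays valid for as long as the underlying credential does.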


