Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That's a great link, but they're looking at "misconfigurations". How is that relevant here?


> Since the metadata service doesn’t require any particular parameters, fetching the URL http://169.254.169.254/latest/meta-data/iam/security-credent... will return the AccessKeyID, SecretAccessKey, and Token you need to authenticate into the account.

They talk about the AWS “Metadata Service” Attack Surface and how juicy a target it is. I was just providing support for that opinion.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: