More than 15,000 apps leveraging AWS Application Load Balancer for authentication could have their business resources and other data compromised due to the critical configuration vulnerability dubbed "ALBeast," which could be leveraged to evade the authorization process, SC Media reports.
Such an issue stems from the lack of validation on the ALB that provided the token signature, as well as a security groups misconfiguration, according to a report from Miggo Research. While AWS has been recommended to address ALBeast issues through implementation modifications, it has instead urged security teams to allow only traffic from trusted sources to ALB targets and adopt signature validation for the JSON Web Token, noted Miggo lead researcher Liad Eliyahu.
On the other hand, ALBeast was noted by Sectigo Senior Vice President of Product Jason Soroko to have been due to user configuration and should prompt proper token verification and traffic restrictions for their apps.
"AWS continuously improves documentation on this to help people responsible for configuration to understand the risks, but it would be prudent to also look at diagnostic tools available from Amazon AWS as well as third party tools to help catch these kinds of configuration mistakes," Soroko added.
