100-Days-in-Cloud Risk: over-authorization of AWS IoT policy

Risk: over-authorization of AWS IoT policy

Open P-Verifier opened this issue 2 years ago • 0 comments

We are a security research team and we recently discovered that there is an over-authorization security issue with this project's IoT policies. The affected files are as following:

1. 100-Days-in-Cloud/Labs/98 - AWS IoT - ESP32-CAM and Rekognition/esp32-request-rekognition-policy.json
2. 100-Days-in-Cloud/Labs/98 - AWS IoT - ESP32-CAM and Rekognition/esp32-request-url-policy.json

May 16 '22 12:05 P-Verifier

100-Days-in-Cloud 100-Days-in-Cloud copied to clipboard

Risk: over-authorization of AWS IoT policy

100-Days-in-Cloud
100-Days-in-Cloud copied to clipboard