Carlos Polop
2025-01-26 15:48:40 +01:00
parent d9c68fcf04
commit 8f02f9f5a5
3 changed files with 2 additions and 2 deletions


@@ -88,7 +88,7 @@ For more information check https://github.com/padok-team/cognito-scanner
The only thing an attacker need to know to **get AWS credentials** in a Cognito app as unauthenticated user is the **Identity Pool ID**, and this **ID must be hardcoded** in the web/mobile **application** for it to use it. An ID looks like this: `eu-west-1:098e5341-8364-038d-16de-1865e435da3b` (it's not bruteforceable).
> [!TIP]
> The **IAM Cognito unathenticated role created via is called** by default `Cognito_<Identity Pool name>Unauth_Role`
> The **IAM Cognito unauthenticated role created via is called** by default `Cognito_<Identity Pool name>Unauth_Role`
If you find an Identity Pools ID hardcoded and it allows unauthenticated users, you can get AWS credentials with:
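Review bot: the replacement line in the tip still reads "created via is called", so the phrase "created via" is missing whatever it was meant to refer to; since this commit is already touching that line, either complete the phrase or drop "created via" so the tip reads `The IAM Cognito unauthenticated role is called by default Cognito_<Identity Pool name>Unauth_Role`. Two smaller nits in the unchanged context of the same hunk could be folded into this typo-fix commit: "The only thing an attacker need to know" should be "needs to know", and "If you find an Identity Pools ID hardcoded" should be "an Identity Pool ID", matching the term used earlier in the hunk.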