VDB
GCVE-110-CLOUD-2023-0001
GCVE-110-CLOUD-2023-0001
Advisory Published
A rate limit bypass vulnerability was discovered in Amazon Cognito, allowing attackers to potentially brute-force login credentials, password reset PINs, and MFA codes by sending requests in parallel. The vulnerability affected the main login flow, password reset function, and MFA process, potentially exposing user accounts to unauthorized access.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| AWS | Amazon Cognito | — | — |
| AWS | Cognito | — | — |
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.