VDB

GCVE-110-CLOUD-2023-0001

GCVE-110-CLOUD-2023-0001
Advisory Published
Vulnetix · Advisory published December 27, 2023
A rate limit bypass vulnerability was discovered in Amazon Cognito, allowing attackers to potentially brute-force login credentials, password reset PINs, and MFA codes by sending requests in parallel. The vulnerability affected the main login flow, password reset function, and MFA process, potentially exposing user accounts to unauthorized access.

Affected Products

VendorProductVersionsPlatforms
AWSAmazon Cognito
AWSCognito

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›