VDB

GCVE-110-CLOUD-2023-0019

GCVE-110-CLOUD-2023-0019
Advisory Published
Vulnetix · Advisory published October 6, 2023
AWS identified an issue in the Amazon WorkSpaces Windows client which resulted in unintentionally logging connection debugging information to a user's local system. This data could include usernames or passwords if they contain specific characters: \ (backslash) or " (double quotes). If an attacker gained access to an Amazon WorkSpaces user's machine, they could then compromise such credentials from the log.

Affected Products

VendorProductVersionsPlatforms
AWSConnect
AWSAmazon WorkSpaces
AWSWorkSpaces
AWSRDS

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›