VDB

GCVE-110-CLOUD-2023-0056

GCVE-110-CLOUD-2023-0056
Advisory Published
Vulnetix · Advisory published February 6, 2023
AWS applies a rate limit to authentication requests made to the AWS Console in an effort to prevent brute-force and credential stuffing attacks. However, a weakness was discovered in the AWS Console authentication flow that allowed a partial bypass of this rate limit by pausing for 5 seconds every 30 attempts. This would enable an attacker to continuously attempt more than 280 passwords per minute (4.6 per second) against IAM users, which could have resulted in account compromise of users without MFA enabled.

Affected Products

VendorProductVersionsPlatforms
AWSAWS Console
AWSCloud Services
AWSIAM
AWSRDS

References

advisory

Browse GCVE Records

73,866 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›