VDB
GCVE-110-CLOUD-2023-0056
GCVE-110-CLOUD-2023-0056
Advisory Published
AWS applies a rate limit to authentication requests made to the AWS Console
in an effort to prevent brute-force and credential stuffing attacks. However,
a weakness was discovered in the AWS Console authentication flow that allowed
a partial bypass of this rate limit by pausing for 5 seconds every 30 attempts.
This would enable an attacker to continuously attempt more than 280 passwords
per minute (4.6 per second) against IAM users, which could have resulted in
account compromise of users without MFA enabled.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| AWS | AWS Console | — | — |
| AWS | Cloud Services | — | — |
| AWS | IAM | — | — |
| AWS | RDS | — | — |
Browse GCVE Records
73,866 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.