Head Topics

AWS squashes authentication bugs in Kubernetes service

United States News News

AWS squashes authentication bugs in Kubernetes service
United States Latest News,United States Headlines
  • 📰 TheRegister
  • ⏱ Reading Time:
  • 50 sec. here
  • 2 min. at publisher
  • 📊 Quality Score:
  • News: 23%
  • Publisher: 61%

Amazon squashes years-old authentication bugs in AWS Kubernetes service

AWS fixed three authentication bugs present in one line of code in its IAM Authenticator for Kubernetes, used by the cloud giant's popular managed Kubernetes service Amazon EKS, that could allow an attacker to escalate privileges within a Kubernetes cluster.

"I found several flaws in the authentication process that could bypass the protection against replay attacks or allow an attacker to gain higher permissions in the cluster by impersonating other identities," Lightspin's Director of Security Research Gafnit Amiga in a report this week about the vulnerabilities.in its security advisory, the buggy code existed in the authenticator plugin when it's configured to use the AccessKeyID template parameter. Customers who do not use the AccessKeyID parameter are not affected by this issue.

Amazon updated all EKS clusters worldwide as of June 28, and the new version of the AWS IAM Authenticator for Kubernetes fixes the flaw. This means customers that use AWS IAM Authenticator for Kubernetes within Amazon EKS don't need to do anything to patch the issue. However, anyone who hosts and manages their own Kubernetes clusters, and uses the authenticator plugin's AccessKeyID template parameter should

We have summarized this news so that you can read it quickly. If you are interested in the news, you can read the full text here. Read more:

TheRegister /  🏆 67. in UK

United States Latest News, United States Headlines

Similar News:You can also read news stories similar to this one that we have collected from other news sources.

A modder has cancelled their ambitious Sonic Origins mod because the game is ‘absolute s**t’ | VGCA modder has cancelled their ambitious Sonic Origins mod because the game is ‘absolute s**t’ | VGCA modder has abandoned their ambitious Sonic Origins mod, because they say the process has made it clear 'the game is absolute shit'.
Read more »

Ambulances queue, extremely busy A&Es, 'critical incident' as heatwave hits NHSAmbulances queue, extremely busy A&Es, 'critical incident' as heatwave hits NHSNHS bosses from hospitals and ambulance services alike are urging people to only use 999 and A&E services in an emergency
Read more »

Police respond to concern for welfare of man in 'incident' at train linePolice respond to concern for welfare of man in 'incident' at train lineWe previously reported that emergency services were on the scene dealing with an 'incident' in Clydebank
Read more »

LIVE updates: Large emergency services response near Piccadilly GardensLIVE updates: Large emergency services response near Piccadilly GardensPolice have issued a statement now confirming they are at the scene in Piccadilly Gardens following a road traffic collision involving a bus and pedestrians.
Read more »

Multi-vehicle collision closes A41 at ShakefordMulti-vehicle collision closes A41 at ShakefordEmergency services have dealt with a four-vehicle collision on the A41 at Shakeford this morning.
Read more »



Render Time: 2025-03-05 21:05:38