Explore the security risks associated with misconfigured OpenID Connect (OIDC) authentication in cloud environments in this 17-minute conference talk from BSidesLV. Delve into the concept of "keyless authentication" supported by major cloud providers like AWS, Azure, and Google Cloud, and understand its popularity in CI/CD pipelines. Discover how easily misconfigured AWS IAM roles using keyless authentication can be exploited by unauthenticated attackers to retrieve cloud credentials and compromise entire environments. Learn from real-world examples, including a case study involving the UK government's AWS account. Gain insights on identifying vulnerable roles in your own environment and implementing higher-level guardrails to prevent human errors from escalating into data breaches. Presented by Christophe Tafani-Dereeper, this talk offers valuable knowledge for cloud security professionals and developers working with OIDC authentication.
From Keyless to Careless - Abusing Misconfigured OIDC Authentication in Cloud Environments
Overview
Syllabus
Breaking Ground, Wed, Aug 7, 20:00 - Wed, Aug 7, CDT
Taught by
BSidesLV
Related Courses
-
Abusing OIDC Authentication for Cloud Security Vulnerabilities
-
Secure the Build, Secure the Cloud: Using OIDC Tokens in CI/CD Pipelines
-
GitHub Azure AD OIDC Authentication for Actions
-
Practical Perimeter-less Authentication Solutions for Startups Using AWS Native Tools
-
My Terrible Roommates - Discovering the FlowFixation Vulnerability and the Risks of Sharing a Cloud Domain
