S3 Bucket Misconfiguration

AWS S3 is a cloud-based storage solution that’s designed for online backup, file sharing, web hosting and data synchronization.

Impact

Misconfigured S3 static-site hosting for S3 buckets typically indicates that the bucket contents are not meant for public use. As a result, attackers can discover and download interesting files via several brute-force techniques.

Solution

Review the misconfigured buckets to confirm they are intended for public use.