Vulnerability Database

S3 Bucket Takeover

AWS S3 is a highly scalable, high performance cloud storage service.

Attackers can register the missing S3 buckets to host malicious content on the domain referencing it. Subdomain Takeover attacks can be used for phishing and cross-site scripting.

Solution

Remove the record referencing the bucket or register the s3 bucket itself.

Ultimate

Enterprise
  • All Tools, Services, and Plans
  • Suitable For Enterprises
  • Single Sign-On Integration, Single Tenant
  • Dedicated Support, Custom Integrations
  • Annual or Monthly, Fixed-cost Billing