Information Disclosure
Risky Feature
Insecure Software Configuration
Abnormal Behaviour
Inadequate Input Validation
Insecure Session Managment
Insecure Software Defaults
Insecure Data Transport
Insecure Authentication
Insecure Data Storage
Information Gathering
Generic Security Finding
Weak Access Controls

S3 Bucket Takeover

Name: SecApps
Rating: 4.50 (6895 reviews)

A s3 bucket takeover detected.

s3
bucket
domain
takeover
hijacking

AWS S3 is a highly scalable, high performance cloud storage service.

Impact

Attackers can register the missing S3 buckets to host malicious content on the domain referencing it. Subdomain Takeover attacks can be used for phishing and cross-site scripting.

Solution

Remove the record referencing the bucket or register the s3 bucket itself.

Was this page helpful?