Amazon Workspaces Vulnerability [Mitigated May 2020]
Summary Amazon Workspaces was incorrectly interpreting an AWS managed policy which resulted in allowing a read-only permission user to hijack a legitimate workspace. The attacker could force a password reset to the new account and compromise that particular Amazon Workspace, even though the credentials for the account only had read only access. AWS have mitigated the vulnerability, and this post is a quick summarization of the events leading to the patch....