This creates a problem when providing the correct confirmation token to the prompt because this will then create a mismatch between the username and token data.
To Reproduce
Steps to reproduce the behavior:
Run the command without a username flag:
run cognito__attack --identity_pools us-east-1:<identity_pool_id> --user_pool_clients <client_id>@us-east-<id>
Run through the sign up process
provide the token
see the error
Expected Behavior
The expected behavior should be that the provided username from the input should be used in the verification step.
DaveYesland
commented
5 months ago
Describe the Bug When you don't provide a username in the run command the signup function will then ask the user to provide a username, which is fine. But on the verify call, the username from the input is being used, but the args username, which is since not provided falls back to the default one. https://github.com/RhinoSecurityLabs/pacu/blob/4e5f1de15ae880d703d3042374ab552fe6d3e258/pacu/modules/cognito__attack/main.py#L380
This creates a problem when providing the correct confirmation token to the prompt because this will then create a mismatch between the username and token data.
To Reproduce Steps to reproduce the behavior:
run cognito__attack --identity_pools us-east-1:<identity_pool_id> --user_pool_clients <client_id>@us-east-<id>Expected Behavior The expected behavior should be that the provided username from the input should be used in the verification step.