aws-samples / aws-iot-kickstart

Connect and deploy IoT devices on AWS IoT Core in minutes and start generating immediate business value!
Apache License 2.0

Risk: over-authorization of AWS IoT policy #31

Open P-Verifier opened 2 years ago

P-Verifier commented 2 years ago

We are a security research team and we recently discovered that there is an over-authorization security issue with this project's IoT policy. The affected file is as follows:

1. aws-iot-kickstart/source/cf/sputnik-cognito.yml