dwyl / learn-aws-iot

:bulb: Learn how to use Amazon Web Services Internet of Things (IoT) service to build connected applications.
GNU General Public License v2.0

Risk: over-authorization of AWS IoT policy #27

Open P-Verifier opened 2 years ago

P-Verifier commented 2 years ago

We are a security research team and we recently discovered that there is an over-authorization security issue with this project's IoT policies. The affected files are as follows:

1. learn-aws-iot/README.md
2. learn-aws-iot/policy.json

nelsonic commented 2 years ago

Hi @P-Verifier 👋 Thanks for opening this issue. 👍 If you can give a bit more detail e.g. a link to how to do it better, it would be great! 🙏 As you can see from the last commit date https://github.com/dwyl/learn-aws-iot/commits/master ...
We haven't updated this since 2016 so it's definitely out-of-date. ⏳

As always, PRs welcome!