While using opinel with scout2 or ScoutSuite with cross-account MFA access, STS assume role is failing.
After investigation, I found that the root cause is incorrect naming inside the assume_role function of the credentials argument's TokenCode and SerialNumber:
- if 'mfa_serial' in credentials and 'mfa_code' in credentials:
- sts_args['TokenCode'] = credentials['mfa_code']
- sts_args['SerialNumber'] = credentials['mfa_serial']
+ if 'SerialNumber' in credentials and 'TokenCode' in credentials:
+ sts_args['TokenCode'] = credentials['TokenCode']
+ sts_args['SerialNumber'] = credentials['SerialNumber']
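Review bot: the new `if` condition checks only for `SerialNumber` and `TokenCode`, so a caller that still passes `mfa_serial` and `mfa_code` in `credentials` will now skip this branch silently and the STS call will be built without any MFA arguments. Consider accepting both spellings, for example `credentials.get('SerialNumber', credentials.get('mfa_serial'))`, or documenting which keys `assume_role` expects from its callers. The case where only one of the two keys is present is also dropped without a message; a log line or an explicit error there would make a misconfigured MFA setup much easier to diagnose.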