SYM_CONF_0132 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Privilege Management
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-269: Improper Privilege Management |
| OWASP | A04:2021 - Insecure Design |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The IAM policy grants sensitive actions—such as creating access keys or login profiles—on other users or wildcard resources. This broad permission can let unauthorized users escalate their privileges in the AWS account.
Impact
If exploited, an attacker could create credentials or change passwords for other users, gaining administrative access and potentially taking full control of your AWS environment. This could lead to data breaches, resource misuse, or service disruptions.
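The pattern in the Description can be checked in a policy document before it is deployed. The following is an added example, not the Symbiotic rule's own detection logic: the action list, the `${aws:username}` self-scoping test and the sample policy (using the documentation account ID 123456789012) are assumptions constructed for illustration.

```python
import fnmatch
import json

# Assumed list of credential-management actions (real IAM action names);
# the page does not publish the rule's own list.
SENSITIVE_ACTIONS = ("iam:CreateAccessKey", "iam:CreateLoginProfile",
                     "iam:UpdateLoginProfile")
SELF_VARIABLE = "${aws:username}"  # policy variable that pins a user ARN to the caller

# Constructed sample policy: statements 0 and 1 are over-broad, 2 is self-scoped.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "iam:CreateAccessKey", "Resource": "*"},
  {"Effect": "Allow", "Action": ["iam:Create*"],
   "Resource": "arn:aws:iam::123456789012:user/*"},
  {"Effect": "Allow", "Action": ["iam:CreateAccessKey", "iam:UpdateLoginProfile"],
   "Resource": "arn:aws:iam::*:user/${aws:username}"},
  {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"}
]}
""")


def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]


def find_risky_statements(policy):
    """Return (index, actions, resources) for each Allow statement that grants a
    sensitive action on a resource not scoped to the calling user.
    NotAction, NotResource and Condition blocks are not evaluated here."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        # Action patterns are case-insensitive and may use wildcards ("iam:*").
        matched = sorted({action for action in SENSITIVE_ACTIONS
                          for pattern in _as_list(stmt["Action"])
                          if fnmatch.fnmatchcase(action.lower(), pattern.lower())})
        risky = [res for res in _as_list(stmt.get("Resource", []))
                 if SELF_VARIABLE not in res.lower()]
        if matched and risky:
            findings.append((idx, matched, risky))
    return findings


if __name__ == "__main__":
    for idx, actions, resources in find_risky_statements(SAMPLE_POLICY):
        print(f"Statement[{idx}]: {', '.join(actions)} on {resources}")
```

A statement that passes this check can still be too permissive once conditions or attached boundaries are considered, so treat a clean result as one input to review rather than proof of least privilege.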