Comment by Bridged7756
15 hours ago
I think I'm not getting it. What's the problem if someone else can claim that bucket name? If it's deleted wouldn't the data be deleted too? Or is it there something I'm missing.
15 hours ago
I think I'm not getting it. What's the problem if someone else can claim that bucket name? If it's deleted wouldn't the data be deleted too? Or is it there something I'm missing.
I think you can put malicious data in the bucket and „impersonate“ the deleted bucket, so old code referencing the bucket uses your data instead of throwing an error (?).
Or old code referencing the bucket _writes_ data to it, and the attacker can now read it.
https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-a...