Skip to content

H3-2024-0005

AWS Privilege Escalation - iam:CreateAccessKey

Category SECURITY_MISCONFIGURATION
Base Score 7

Description

An AWS user or role assigned the iam:CreateAccessKey permission, that is not an administrator, can get AWS keys for another user with more permissions.

Impact

This misconfiguration permits an AWS user or role to compromise another user with more permissions.

References