As many as 15,000 applications using Amazon Web Services’ (AWS) Application Load Balancer (ALB) for authentication are potentially susceptible to a configuration-based issue that could expose them to sidestep access controls and compromise applications.
That’s according to findings from Israeli cybersecurity company Miggo, which dubbed the problem ALBeast.
“This vulnerability allows attackers to directly access affected applications, particularly if they are exposed to the internet,” security researcher Liad Eliyahu said.
ALB is an Amazon service designed to route HTTP and HTTPS traffic to target applications based on the nature of the requests. It also allows users to “offload the authentication functionality” from their apps into the ALB.