Skip to content
This repository has been archived by the owner on Jun 15, 2023. It is now read-only.

Risk: over-authorization of AWS IoT policy #70

Closed
P-Verifier opened this issue May 16, 2022 · 1 comment
Closed

Risk: over-authorization of AWS IoT policy #70

P-Verifier opened this issue May 16, 2022 · 1 comment
Labels
archived

Comments

@P-Verifier
Copy link

We are a security research team and we recently discovered that there is an over-authorization security issue with this project's IoT policies.
The affected files are as following:

1. aws-iot-docs/developerguide/connect-iot-lorawan-create-destinations.md
2. aws-iot-docs/developerguide/iot-dc-install-provision.md
3. aws-iot-docs/developerguide/lightbulb-shadow-application.md
4. aws-iot-docs/developerguide/connect-policy.md
@joshbean
Copy link
Contributor

Closing this issue or pull request in advance of archiving this repo. For more information about the decision to archive this repo (and others in the 'awsdocs' org), see the announcement on the AWS News Blog.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
archived
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@joshbean @P-Verifier