AWS - MQ Privesc
MQ
For more information about MQ check:
mq:ListBrokers, mq:CreateUser
With those permissions you can create a new user in an ActiveMQ broker (this doesn't work in RabbitMQ).
Potential Impact: Access sensitive info navigating through ActiveMQ
mq:ListBrokers, mq:ListUsers, mq:UpdateUser
With those permissions you can create a new user in an ActiveMQ broker (this doesn't work in RabbitMQ).
Potential Impact: Access sensitive info navigating through ActiveMQ
mq:ListBrokers, mq:UpdateBroker
If a broker is using LDAP for authorization with ActiveMQ, it's possible to change the configuration of the LDAP server used to one controlled by the attacker. This way the attacker will be able to steal all the credentials being sent through LDAP.
If you could somehow find the original credentials used by ActiveMQ you could perform a MitM, steal the creds, use them in the original server, and send the response (maybe just reusing the stolen credentials you could do this).
Potential Impact: Steal ActiveMQ credentials
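To find principals that hold any of the three permission combinations above, the following added example (not part of the original page) audits an IAM policy document for them. The labels, function names and sample policy are assumptions made for illustration; Allow statements are counted regardless of Resource or Condition, and a Deny is trusted only when it is unconditional and covers every resource.

```python
import fnmatch

# Permission sets taken from the section titles on this page; labels are ours.
RISKY_COMBOS = {
    "create broker user": {"mq:ListBrokers", "mq:CreateUser"},
    "update broker user": {"mq:ListBrokers", "mq:ListUsers", "mq:UpdateUser"},
    "repoint broker LDAP": {"mq:ListBrokers", "mq:UpdateBroker"},
}

def _as_list(value):
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def _matches(action, patterns):
    # IAM action names are case-insensitive and accept * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def _covers(stmt, action):
    if "NotAction" in stmt:
        return not _matches(action, _as_list(stmt["NotAction"]))
    return _matches(action, _as_list(stmt.get("Action")))

def _blanket(stmt):
    # Only an unconditional Deny on every resource is trusted to block an action.
    return "Condition" not in stmt and "*" in _as_list(stmt.get("Resource"))

def allowed(policy, action):
    stmts = _as_list(policy.get("Statement"))
    allow = any(s.get("Effect") == "Allow" and _covers(s, action) for s in stmts)
    deny = any(s.get("Effect") == "Deny" and _covers(s, action) and _blanket(s)
               for s in stmts)
    return allow and not deny

def audit_policy(policy):
    """Return the labels of the combinations this policy document fully allows."""
    return sorted(label for label, actions in RISKY_COMBOS.items()
                  if all(allowed(policy, a) for a in actions))

# Constructed sample policy, not taken from any real account.
SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "mq:*", "Resource": "*"},
    {"Effect": "Deny", "Action": "mq:UpdateBroker", "Resource": "*"},
]}

if __name__ == "__main__":
    print(audit_policy(SAMPLE))
```

It evaluates one policy document at a time, so permission boundaries and service control policies that further restrict the principal are not taken into account.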