Open S3 buckets vulnerabiltiy?

Question

I know what is bucket, but what i want to know that Open buckets vulnerability.

What are open buckets? How i confirm the vulnerability?

Thank you in advance!!

Answer 1

There have been a number of high profile leaks recently involving publically accessible S3 buckets. If I'm understanding your question correctly, you're asking what exactly those are, and how to know if your buckets are vulnerable.

S3 buckets are considered publically accessible, based on the permissions of their access controls. There are two ways that you can make a bucket public. The first one is using Access Control Lists (ACLs). If a bucket is set to Public Read, then it's contents can be downloaded by anyone able to determine the correct URLs. The second method is by use of a bucket policy. A bucket can be made public by using a bucket policy such as this example from the S3 documentation:

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"AddPerm",
      "Effect":"Allow",
      "Principal": "*",
      "Action":["s3:GetObject"],
      "Resource":["arn:aws:s3:::examplebucket/*"]
    }
  ]
}

In this case, "Principal": "*" implies any users, including anonymous users.

To check if your buckets grant public access, you can check each bucket for those two permissions. To prevent your buckets from being made public, AWS has released an AWS Config rule for preventing public read and write access.

Answer 2

You could write CLI queries to see what buckets have the public permission. It's a two step process.

1. Get the list of buckets http://docs.aws.amazon.com/cli/latest/reference/s3api/list-buckets.html
2. Query the policies and the ACL http://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-policy.html http://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-acl.html

Just get all the buckets that has the ACL that allows all to see.

Hope this helps.