The Bucket You Deleted is Still in Your DNS: S3 Bucket Takeover at Bime
In 2016, a researcher found that a2.bime.io had a CNAME record pointing to bimeio.s3.amazonaws.com. The bucket bimeio did not exist. It was not owned by Bime. It was not owned by anyone. The researcher created the bucket in their own AWS account. a2.bime.io was now serving their content — under Bime's domain, with Bime's SSL certificate, trusted by Bime's users.

This is HackerOne #121461. The fix was either claiming the bucket name or deleting the CNAME. Either takes under a minute. The window
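The check that would have caught the a2.bime.io record, as an added defender-side example (not code from the original post or from Bime): it takes a CNAME from your own zone, recognises S3 endpoint targets, and reports the bucket as dangling when S3 answers 404 NoSuchBucket. The `assets-prod` bucket and the sample responses are constructed stand-ins, and only virtual-hosted-style S3 names are handled.

```python
import re
import urllib.error
import urllib.request
from typing import Callable, Optional, Tuple

# Virtual-hosted-style S3 REST and static-website endpoints (assumption: path-style
# URLs and third-party S3-compatible hosts are out of scope for this check).
S3_HOST_RE = re.compile(
    r"^(?P<bucket>[a-z0-9.-]{3,63})\.s3(?:-website)?(?:[.-][a-z0-9-]+)?\.amazonaws\.com\.?$",
    re.IGNORECASE)

def s3_bucket_from_cname(target: str) -> Optional[str]:
    """Return the bucket name when the CNAME target is an S3 endpoint, else None."""
    m = S3_HOST_RE.match(target.strip())
    return m.group("bucket") if m else None

def http_probe(url: str) -> Tuple[int, str]:
    """Live fetcher: GET the endpoint and return (status, first 2 KiB of body)."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.read(2048).decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, e.read(2048).decode("utf-8", "replace")

def classify_s3_response(status: int, body: str) -> str:
    """S3 answers 404 NoSuchBucket for a name nobody owns; 200/3xx/403 mean it is taken."""
    if status == 404 and "NoSuchBucket" in body:
        return "DANGLING"  # the record points at a bucket anyone could create
    if status in (200, 301, 307, 403):
        return "CLAIMED"
    return "UNKNOWN"

def check_record(host: str, cname_target: str,
                 fetch: Callable[[str], Tuple[int, str]] = http_probe) -> dict:
    """Check one CNAME (host -> target) from your own zone for a dangling S3 bucket."""
    bucket = s3_bucket_from_cname(cname_target)
    if bucket is None:
        return {"host": host, "bucket": None, "state": "NOT_S3"}
    # Probe the S3 name itself so a TLS/Host mismatch on the alias cannot hide the result.
    status, body = fetch(f"http://{cname_target.rstrip('.')}/")
    return {"host": host, "bucket": bucket, "state": classify_s3_response(status, body)}

# Constructed sample responses standing in for the live endpoints (not captured traffic).
SAMPLE_RESPONSES = {
    "http://bimeio.s3.amazonaws.com/": (404, "<Error><Code>NoSuchBucket</Code></Error>"),
    "http://assets-prod.s3.amazonaws.com/": (403, "<Error><Code>AccessDenied</Code></Error>"),
}

def fake_fetch(url: str) -> Tuple[int, str]:
    return SAMPLE_RESPONSES.get(url, (0, ""))
```

Run `check_record` with the default `http_probe` over every CNAME in your zone export; any `DANGLING` result is a record to delete or a bucket name to claim before someone else does.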