Google Crypto Expert Exposes Trio of AWS Encryption Bugs


Amazon has updated its S3 encryption client after a cryptographic expert at Google identified three security vulnerabilities in how it secures content in S3 buckets. These included two bugs in its software development kit (SDK), earning her a brace of rare CVEs against the hyperscaler: CVE-2020-8912 and CVE-2020-8911.

Among Dr Sophie Schmieg’s trio of finds was one dubbed by security colleague Thai Duong as “one of the coolest crypto exploits in recent memory”. 

AWS acknowledged the vulns

To see the full content, share this page by clicking one of the buttons below
Click on a tab to select how you'd like to leave your comment

Leave A Reply

Your email address will not be published.