Misconfigured Reverse Proxy Servers Spill Credentials
by Tom Spring May 18, 2018 , 8:45 am
Researchers have created a proof-of-concept attack that allows unauthenticated adversaries to extract user credentials from misconfigured reverse proxy servers in order to delete, manipulate or extract data from websites and applications. The proof-of-concept (PoC) attack targets major cloud customers of services such as Amazon Web Services, Microsoft Azure and Google Cloud, according to researchers at RedLock that published a report on their findings Tuesday.
Read the whole story on that here: