Jump to content


Misconfigured Reverse Proxy Servers Spill Credentials

  • Please log in to reply
No replies to this topic

#1 TheSentinel


    The man in the dark

  • General Admin
  • 31,817 posts

Posted 19 May 2018 - 04:53 PM

Misconfigured Reverse Proxy Servers Spill Credentials
by Tom Spring May 18, 2018 , 8:45 am

Researchers have created a proof-of-concept attack that allows unauthenticated adversaries to extract user credentials from misconfigured reverse proxy servers in order to delete, manipulate or extract data from websites and applications. The proof-of-concept (PoC) attack targets major cloud customers of services such as Amazon Web Services, Microsoft Azure and Google Cloud, according to researchers at RedLock that published a report on their findings Tuesday.

Read the whole story on that here: