AWS IAM Login: AWS IAM User Enumeration (CVE-2025-0693)

Summary

In this episode, we dive into CVE-2025-0693, a critical information disclosure vulnerability affecting the AWS Sign-in IAM Login Flow. Disclosed by Rhino Security Labs, this issue allows attackers to perform brute force enumeration to identify valid IAM usernames in arbitrary AWS accounts.

Product details

The vulnerability impacts the Amazon Web Services (AWS) Sign-in IAM Login Flow; the CVE record lists the provider under the short name 'AMZN'. The affected version is marked as 'N/A', indicating a broader range of possible impacted systems within the AWS infrastructure.

Vulnerability type summary

CVE-2025-0693 is classified under CWE-204: Observable Response Discrepancy and CWE-208: Observable Timing Discrepancy. Weaknesses of these types allow sensitive information, in this case IAM usernames, to be inferred from variations in system response times.

Details of the vulnerability

CVE-2025-0693 stems from variable response times within the AWS Sign-in IAM user login flow. By observing these discrepancies, attackers can employ brute force techniques to determine valid IAM usernames within an AWS account, potentially leading to further exploitation.
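
The weakness class named above (CWE-208) in a generic login check, next to a form that does the same work for every username. This is an added example, not AWS's code and not part of the original page: the function names, the user store and the KDF-call counter are hypothetical, and the counter stands in for wall-clock time so the discrepancy shows up deterministically.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # constructed value for the demo
kdf_calls = 0        # instrumentation: counts expensive hash computations


def kdf(password: str, salt: bytes) -> bytes:
    """Slow password hash; its cost is what a remote observer can time."""
    global kdf_calls
    kdf_calls += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str):
    salt = os.urandom(16)
    return salt, kdf(password, salt)


# Constructed user store (hypothetical account, not from the page).
USERS = {"alice": make_record("correct horse")}
# Dummy record, verified against whenever the username does not exist.
DUMMY = make_record(os.urandom(16).hex())


def login_leaky(username: str, password: str) -> bool:
    rec = USERS.get(username)
    if rec is None:
        return False  # early exit skips the KDF, so unknown users answer faster
    salt, stored = rec
    return hmac.compare_digest(kdf(password, salt), stored)


def login_uniform(username: str, password: str) -> bool:
    rec = USERS.get(username)
    salt, stored = rec if rec is not None else DUMMY
    # Same KDF cost and same constant-time compare on every path.
    ok = hmac.compare_digest(kdf(password, salt), stored)
    return ok and rec is not None


def kdf_cost(login, username: str) -> int:
    """Number of KDF computations one failed login for `username` triggers."""
    before = kdf_calls
    login(username, "wrong password")
    return kdf_calls - before
```

Both functions return the same result for every input; only the amount of work on the unknown-username path differs, which is what a timing measurement picks up.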

Conclusion

AWS customers should be aware of the potential risks associated with CVE-2025-0693 and implement recommended security measures to mitigate this user enumeration vulnerability. Continuous monitoring and adherence to security best practices are advised to protect sensitive information from being inadvertently disclosed.

Watch the full video on YouTube: CVE-2025-0693

CVE database technical details

CVE ID: CVE-2025-0693
Description: Variable response times in the AWS Sign-in IAM user login flow allowed for the use of brute force enumeration techniques to identify valid IAM usernames in an arbitrary AWS account.
Provider: AMZN
CWE / problem types: CWE-204: Observable Response Discrepancy, CWE-208: Observable Timing Discrepancy
Affected Software Versions: AWS, AWS Sign-in IAM Login Flow (status: affected, version: N/A)
Date Published: 2025-01-23T21:22:25.699Z
Last Updated: 2025-01-24T19:45:25.302Z