安全研究人员发现Google的API密钥管理系统存在漏洞。已删除的API密钥最多可保持活动状态23分钟,可能允许未经授权的访问。Aikido Security发现了这个漏洞,他们发现尽管Google Cloud UI显示密钥已被移除,但这些密钥仍能进行身份验证。 AI
影响 如果管理不当,此漏洞可能导致敏感数据和系统面临未经授权的访问。
排序理由 安全研究人员发现了一个广泛使用的云平台的API密钥管理漏洞。[lever_c_demoted from research: ic=2 ai=0.4]
AI 生成摘要 · Google Gemini · 来自 3 个来源。 我们如何撰写摘要 →
📰 Google API Keys Remain Active After Deletion Aikido Security found that deleted Google API keys can continue authenticating for a median of about 16 minutes and as long as 23 minutes, despite Google Cloud's UI claiming that once a key is dele... 📰 Source: Slashdot 🔗 Link: https…
Plenty of time for bad actors to grab data or hit you with a giant bill
A new study shows deleted Google Cloud API keys remain active for up to 23 minutes. Google closed the bug report as a "won't fix" system property. # Tech # CyberSecurity # GoogleCloud # AI # Development https:// blazetrends.com/google-api-key s-stay-active-23-minutes-after-deleti…