This report outlines a critical security vulnerability involving a Server-Side Request Forgery (SSRF) attack targeting the Amazon Web Services (AWS) Instance Metadata Service (IMDS).

1. Executive Summary

The string callback-url=http://169.254.169
While this mechanism is incredibly convenient, the IP address 169.254.169.254 has become infamous in the cybersecurity world because of its role in Server-Side Request Forgery (SSRF) attacks.
These credentials are temporary and rotated automatically by AWS (usually every hour), so an intercepted credential has only a short lifespan.
The string you provided is a URL-encoded representation of a specific HTTP request path. When decoded, it translates to:
The use of this callback URL for retrieving IAM security credentials has profound security implications:
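The defensive counterpart to the callback-url string discussed above is input validation on the server that will later fetch the URL. The following is an added example (not code from the report) that decodes a `callback-url` query parameter, including double percent-encoding, and rejects any destination in the link-local range that contains 169.254.169.254 or in other non-public ranges; the parameter name and the blocked-range list are this example's assumptions.

```python
import ipaddress
import socket
from urllib.parse import parse_qs, unquote, urlsplit

# Ranges a user-supplied callback URL must never reach. 169.254.0.0/16 is
# the link-local range containing the IMDS address 169.254.169.254; the
# rest are loopback, RFC 1918, CGNAT, "this network" and their IPv6 peers.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "169.254.0.0/16", "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "100.64.0.0/10", "0.0.0.0/8",
    "::1/128", "fe80::/10", "fc00::/7")]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (http%253A%252F%252F... style)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def host_addresses(host):
    """Every address a host literal or name denotes, as ipaddress objects.
    Integer (2852039166) and hex (0xA9FEA9FE) spellings of an IPv4 address
    are normalised here instead of being handed to a lenient HTTP client."""
    for parse in (lambda h: ipaddress.ip_address(int(h, 0)), ipaddress.ip_address):
        try:
            return [parse(host)]
        except ValueError:
            continue
    try:
        return [ipaddress.ip_address(ai[4][0]) for ai in socket.getaddrinfo(host, None)]
    except socket.gaierror:
        return []  # unresolvable: the caller fails closed

def check_callback_url(query_string):
    """Return (allowed, reason) for the callback-url parameter of a query string."""
    values = parse_qs(query_string).get("callback-url")
    if not values:
        return True, "no callback-url parameter"
    url = urlsplit(fully_decode(values[0]))
    if url.scheme not in ("http", "https") or not url.hostname:
        return False, "scheme or host not allowed"
    addrs = host_addresses(url.hostname)
    if not addrs:
        return False, f"cannot resolve {url.hostname}"
    for addr in addrs:
        addr = getattr(addr, "ipv4_mapped", None) or addr  # unwrap ::ffff:a.b.c.d
        if any(addr in net for net in BLOCKED_NETS):
            return False, f"{url.hostname} -> {addr} is in a blocked range"
    return True, "ok"
```

The fetch that follows should connect to the address that passed this check rather than re-resolving the hostname, so a DNS answer cannot change between validation and use. Requiring IMDSv2 on the instance adds a second layer, since its session token must be obtained with a PUT request that a GET-only SSRF cannot issue.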