Lateral movement

Privileged Managed Policy – Group Management

Risk Level

Hazardous (3)

Platform(s)

Description

An IAM Managed Policy is an object in AWS that, when associated with an identity or resource, defines that principal's permissions. The policy {AwsIamManagedPolicy} was found with a permissive statement that grants any service or user holding this policy the ability to add a user to any group in the account. A member of a group gains every privilege granted to that group, so an attacker may use this permission to add a user they control to a group that has been granted higher privileges than the user's original ones, which may ultimately lead to full account takeover.
Recommended Mitigation

Review the policy and consider removing any of the following actions: iam:AddUserToGroup
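As an added example, not part of this finding's text or of any vendor tooling, the following check scans a policy document for the shape described above: Allow statements that grant iam:AddUserToGroup on a wildcard group resource. The two policies are constructed samples (the account ID and group name are hypothetical); the second shows the same capability scoped to a single group, which is the usual alternative to removing the action outright.

```python
import fnmatch

# Constructed sample: the permissive shape this finding describes (hypothetical policy)
PERMISSIVE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["iam:Get*", "iam:List*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:AddUserToGroup", "Resource": "*"},
    ],
}

# Constructed sample: same capability limited to one group (hypothetical account/ARN)
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iam:AddUserToGroup",
         "Resource": "arn:aws:iam::123456789012:group/helpdesk-users"},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(action, patterns):
    # IAM action matching is case-insensitive and supports '*' / '?' wildcards
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in _as_list(patterns))

def _broad_group_resource(pattern):
    # '*', or any group ARN pattern whose group name segment is itself a wildcard
    if pattern == "*":
        return True
    if ":group/" in pattern:
        return "*" in pattern.split(":group/", 1)[1]
    return pattern.endswith("*")  # e.g. "arn:aws:iam::123456789012:*"

def group_management_findings(policy, action="iam:AddUserToGroup"):
    """Return Allow statements granting `action` on a broad group resource.
    Handles Action/NotAction and string-or-list forms; Deny statements and
    Conditions are ignored, so a hit is a lead for review, not proof of reach."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            granted = not _matches(action, stmt["NotAction"])
        else:
            granted = _matches(action, stmt.get("Action", []))
        broad = [r for r in _as_list(stmt.get("Resource", [])) if _broad_group_resource(r)]
        if granted and broad:
            findings.append({"statement": idx, "sid": stmt.get("Sid"), "resources": broad})
    return findings
```

The same function can be run over every customer-managed policy returned by `iam:GetPolicyVersion` to triage an account; statements granting `iam:*` or `*` are reported too, since they include the action.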