Lateral movement

Privileged Managed Policy – Group Management

Risk Level

Hazardous (3)

Description

An IAM Managed Policy is an object in AWS that, when attached to an identity or resource, defines its permissions. The policy {AwsIamManagedPolicy} was found to grant permissions broad enough to let the service or user holding it add any user to any group in the account. A member of a group inherits every privilege granted to that group, so an attacker holding this permission can add their own user to a group with higher privileges than the user originally had, which may ultimately lead to full account takeover.
Recommended Mitigation

Review the policy and consider removing any of the following actions: iam:AddUserToGroup
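The check described above can be applied to a policy document before it is attached. The following is an added example, not code from the finding page or from any vendor tool: it statically reviews an IAM policy document and reports each Allow statement that grants iam:AddUserToGroup (directly, through a wildcard such as iam:* or iam:Add*, or through a NotAction that fails to exclude it) on a Resource broad enough to cover every group. The policy documents, the account id 111122223333 and the probe group ARN are constructed for the example; nothing here contacts AWS.

```python
"""Added example (not part of the original finding page): static review of
an IAM managed policy document for unscoped iam:AddUserToGroup grants.
All policy documents below are constructed samples."""
import fnmatch
import json

SENSITIVE_ACTION = "iam:AddUserToGroup"
# Constructed probe ARN: a Resource pattern that matches this arbitrary
# group name is treated as covering every group in the account (heuristic).
PROBE_GROUP_ARN = "arn:aws:iam::111122223333:group/__any_group__"


def _as_list(value):
    """IAM accepts either a string or a list in Action/NotAction/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _pattern_matches(pattern, name):
    """IAM action and resource patterns match case-insensitively and use the
    '*' and '?' wildcards, which fnmatch understands the same way."""
    return fnmatch.fnmatchcase(name.lower(), pattern.lower())


def statement_grants_action(stmt, action=SENSITIVE_ACTION):
    """True if an Allow statement grants `action`, either via Action
    (including wildcards) or via a NotAction list that does not exclude it."""
    if stmt.get("Effect") != "Allow":
        return False
    if "Action" in stmt:
        return any(_pattern_matches(p, action) for p in _as_list(stmt["Action"]))
    if "NotAction" in stmt:
        return not any(_pattern_matches(p, action) for p in _as_list(stmt["NotAction"]))
    return False


def resource_covers_any_group(stmt):
    """True if some Resource pattern would match an arbitrary group ARN,
    i.e. the grant is not scoped to specific, named groups."""
    return any(_pattern_matches(p, PROBE_GROUP_ARN) for p in _as_list(stmt.get("Resource")))


def find_unscoped_group_management(policy_doc):
    """Return one finding per statement that allows iam:AddUserToGroup on
    any group. `policy_doc` may be a dict or a JSON string."""
    if isinstance(policy_doc, str):
        policy_doc = json.loads(policy_doc)
    findings = []
    for index, stmt in enumerate(_as_list(policy_doc.get("Statement"))):
        if statement_grants_action(stmt) and resource_covers_any_group(stmt):
            findings.append({
                "sid": stmt.get("Sid", f"statement[{index}]"),
                "actions": _as_list(stmt.get("Action")) or ["(NotAction)"],
                "resources": _as_list(stmt.get("Resource")),
                # A Condition block may narrow the grant; surface it for a
                # human review instead of assuming it is sufficient.
                "has_condition": "Condition" in stmt,
            })
    return findings


# Constructed sample: the situation in the finding, any user into any group.
PERMISSIVE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "GroupAdmin", "Effect": "Allow",
     "Action": ["iam:AddUserToGroup", "iam:ListGroups"], "Resource": "*"}]}
# Constructed sample: the same grant hidden behind a service-level wildcard.
WILDCARD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllIam", "Effect": "Allow", "Action": "iam:*", "Resource": "*"}]}
# Constructed sample: the grant scoped to one named group, which is not flagged.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "DevOnly", "Effect": "Allow", "Action": "iam:AddUserToGroup",
     "Resource": "arn:aws:iam::111122223333:group/developers"}]}
# Constructed sample as a JSON string: NotAction that leaves IAM wide open.
NOT_ACTION_POLICY_JSON = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "EverythingButS3", "Effect": "Allow", "NotAction": "s3:*", "Resource": "*"}]})

if __name__ == "__main__":
    for name, doc in [("permissive", PERMISSIVE_POLICY), ("wildcard", WILDCARD_POLICY),
                      ("scoped", SCOPED_POLICY), ("not-action", NOT_ACTION_POLICY_JSON)]:
        print(name, json.dumps(find_unscoped_group_management(doc)))
```

The scoped sample shows the shape a policy takes after the mitigation when group management is genuinely needed: the action stays, but the Resource names the specific group ARNs rather than `*`. The probe-ARN heuristic is deliberately conservative; a pattern such as `arn:aws:iam::111122223333:group/team-*` would not be flagged, so wildcard group prefixes deserve a manual look.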