CVE-2025-0693 Information

Description

Variable response times in the AWS Sign-in IAM user login flow allowed for the use of brute force enumeration techniques to identify valid IAM usernames in an arbitrary AWS account.

Reference

https://aws.amazon.com/security/security-bulletins/AWS-2025-002/