AWS Cognito Misconfiguration Automation Check
- Install AWS CLI
- Sign Up Via Client Id - Authentication bypass due to enabled Signup API action
- Generate AWS credentials from Identity ID - Unauthorized access to AWS services due to Liberal AWS Credentials
- Enumerate IAM from Generated AWS credentials
- Sign Up Via Client Id + Client Secret When Application Allows SignUp but Needs a Proper Secret Hash
- Privilege escalation through writable user attributes
- Updating email attribute before verification
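
The checks above map to a handful of Cognito settings that a defender can review directly. The following is an added example, not code from this project: it audits parsed output of `aws cognito-idp describe-user-pool`, `aws cognito-idp describe-user-pool-client` and `aws cognito-identity describe-identity-pool`. The finding names and sample values are constructed for illustration, and treating unauthenticated identities as the relevant identity pool setting is an assumption.

```python
"""Audit Cognito settings behind the listed checks (added example, constructed data)."""

def audit_cognito(user_pool, app_client, identity_pool):
    """Return finding codes (names are hypothetical) from parsed describe-* JSON."""
    findings = []
    pool = user_pool.get("UserPool", {})
    client = app_client.get("UserPoolClient", {})
    writable = client.get("WriteAttributes", [])

    # The SignUp API accepts self-registration unless only admins may create users.
    admin_cfg = pool.get("AdminCreateUserConfig", {})
    if not admin_cfg.get("AllowAdminCreateUserOnly", False):
        findings.append("SELF_SIGNUP_ENABLED")

    # Custom attributes the app client may write can be changed by the user;
    # if the application trusts them for authorization, that is an escalation path.
    custom = sorted(a for a in writable if a.startswith("custom:"))
    if custom:
        findings.append("USER_WRITABLE_CUSTOM_ATTRS:" + ",".join(custom))

    # Without verification-before-update, a new email value is stored before
    # the user has proven ownership of the address.
    settings = pool.get("UserAttributeUpdateSettings", {})
    pending = settings.get("AttributesRequireVerificationBeforeUpdate", [])
    if "email" in writable and "email" not in pending:
        findings.append("EMAIL_UPDATE_BEFORE_VERIFICATION")

    # Guest identities receive AWS credentials for the unauthenticated role.
    # The permissions of that role are not evaluated here; review them in IAM.
    if identity_pool.get("AllowUnauthenticatedIdentities", False):
        findings.append("UNAUTHENTICATED_IDENTITIES_ALLOWED")
    return findings

# Constructed sample input: a weak configuration and a hardened one.
WEAK = (
    {"UserPool": {"AdminCreateUserConfig": {"AllowAdminCreateUserOnly": False}}},
    {"UserPoolClient": {"WriteAttributes": ["email", "custom:role"]}},
    {"AllowUnauthenticatedIdentities": True},
)
HARDENED = (
    {"UserPool": {"AdminCreateUserConfig": {"AllowAdminCreateUserOnly": True},
                  "UserAttributeUpdateSettings":
                      {"AttributesRequireVerificationBeforeUpdate": ["email"]}}},
    {"UserPoolClient": {"WriteAttributes": ["email"]}},
    {"AllowUnauthenticatedIdentities": False},
)

if __name__ == "__main__":
    print(audit_cognito(*WEAK))
    print(audit_cognito(*HARDENED))
```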