Abstract
1. Overprivileged containers can steal AWS credentials by focusing on the 169.254.170.23:80 endpoint by way of packet sniffing and API spoofing assaults.
2. Attackers use tcpdump to intercept plaintext site visitors or manipulate community settings to deploy faux HTTP servers that seize authorization tokens.
3. Amazon considers this anticipated conduct below buyer accountability, not a safety vulnerability requiring patches.
4. Organizations should take away extreme container capabilities like CAP_NET_RAW, CAP_NET_ADMIN, and hostNetwork settings to stop exploitation.
Important vulnerabilities in Amazon Elastic Kubernetes Service (EKS) enable overprivileged containers to reveal delicate AWS credentials by way of packet sniffing and API spoofing assaults.
The investigation, revealed on June 19, 2025, demonstrates how misconfigured containers can facilitate unauthorized entry and privilege escalation in cloud environments, highlighting important dangers within the AWS shared accountability mannequin.
Amazon EKS Pod Id Exposes Credentials
The vulnerability particularly targets Amazon EKS Pod Id, a characteristic designed to simplify AWS credential administration for pods working in EKS clusters.
The service operates by way of the eks-pod-identity-agent add-on, which runs as a DaemonSet within the kube-system namespace and exposes an API on the link-local deal with 169.254.170.23 for IPv4 and [fd00:ec2::23] for IPv6 on port 80.
The agent accepts Kubernetes service account tokens within the Authorization header and calls the eks-auth:AssumeRoleForPodIdentity API motion.
When purposes make AWS service requests, the SDK routinely retrieves non permanent credentials from the EKS Pod Id agent, which then interacts with the AWS API to acquire vital credentials for the related IAM function.
Researchers recognized two main assault vectors exploiting extreme container privileges.
The primary entails packet sniffing, the place containers configured with hostNetwork: true settings can monitor community site visitors and intercept credentials transmitted in plaintext from the API endpoint 169.254.170.23:80.
A proof-of-concept utilizing the usual tcpdump utility efficiently demonstrated credential interception in unencrypted HTTP site visitors.
Gaining elevated privileges by way of the tcpdump utility
The second assault vector employs API spoofing methods. Even when CAP_NET_RAW functionality is eliminated, containers retaining CAP_NET_ADMIN privileges can manipulate Community Interface Card (NIC) settings.
Attackers can disable the eks-pod-identity-agent HTTP daemon by deleting the native hyperlink IP deal with, then deploy their very own HTTP server on 169.254.170.23:80 to intercept Authorization tokens.
Development Micro developed a Python-based proof-of-concept utilizing the pyroute2 library to display this exploit.
API spoofing-based assault
Mitigation Methods
The vulnerabilities had been reported to Amazon by way of the Development Micro Zero Day Initiative program.
Nonetheless, AWS decided that this conduct represents anticipated performance throughout the node’s belief boundary and falls below buyer accountability of their shared accountability mannequin.
To mitigate these dangers, organizations ought to implement the precept of least privilege when configuring containers and make the most of safety options like Development Imaginative and prescient One Container Safety.
The platform can detect and block containers working with elevated privileges, together with these with CAP_NET_RAW, CAP_NET_ADMIN capabilities, or pods with hostNetwork flags set to true.
