Full ATO (1 Click) via custom metadata manipulation in AWS Cognito Misconfigured Application
Assalamu'alaikum, everyone. It’s been a long time since my last write-up. Today, we have a new finding on an application that uses AWS Cognito from Amazon as an Identity Provider, which uses custom metadata, but custom things always lead to special f...
zomasec.me · 6 min read