Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How AWS Cognito User Pool defends against bruteforce attacks

Tags:

amazon-web-services

amazon-cognito

I am going to use AWS Cognito User Pool product as user directory for application and have several questions:

  1. Is Amazon throttle request to Cognito User Pool and if yes what is the rate limit of calls to get throttled?
  2. How Cognito defends against bruteforce attack on login/password?
like image 250
knok16 Avatar asked Jun 09 '16 17:06

knok16

People also ask

How does Cognito user pool work?

A user pool is a user directory in Amazon Cognito. With a user pool, your users can sign in to your web or mobile app through Amazon Cognito. Your users can also sign in through social identity providers like Google, Facebook, Amazon, or Apple, and through SAML identity providers.

What is the main difference between Cognito user pool and Cognito identity pool?

With a user pool, your app users can sign in through the user pool or federate through a third-party identity provider (IdP). Identity pools are for authorization (access control). You can use identity pools to create unique identities for users and give them access to other AWS services.

How does AWS Cognito hash passwords?

Cognito Identity does not receive or store user credentials. Cognito Identity uses the token from the identity provider to obtain a unique identifier for the user and then hashes it using a one-way hash so that the same user can be recognized again in the future without storing the actual user identifier.

How can you use Cognito to provide security to a user?

Amazon Cognito provides authentication, authorization, and user management for your web and mobile apps. Your users can sign in directly with a user name and password, or through a third party such as Facebook, Amazon, Google or Apple. The two main components of Amazon Cognito are user pools and identity pools.

1 Answers

After couple of hours search I found this two exceptions in source code:

TooManyFailedAttemptsException This exception gets thrown when the user has made too many failed attempts for a given action (e.g., sign in).

HTTP Status Code: 400

TooManyRequestsException This exception gets thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

Also, I tried to log in with wrong credentials to test limits, I get NotAuthorizedException: Password attempts exceeded exception after 5. attempt.

In a similar scenario, I tried to brute force to forgot password but after 10 failed attempt I got LimitExceededException: Attempt limit exceeded, please try after some time.

I think that is how they do it.

like image 120
endertunc Avatar answered Sep 29 '22 19:09

endertunc
Sign in to Comment

Related questions

How to Generate a Presigned S3 URL via AWS CLI
ImportError: cannot import name 'docevents' from 'botocore.docs.bcdoc' in AWS CodeBuild
node.js AWS dynamodb updateItem
ValidationException: Before you can proceed, you must enable a service-linked role to give Amazon ES permissions to access your VPC
Not able to search on nested property in DynamoDB AWS console
AWS EB Error: Incorrect application version found on all instances
AWS Lambda - CloudWatch Event type
Failure to launch Amazon EC2 non free instances
Multiple docker containers in one EC2 instance through AWS ECS
Cannot delete AWS Lambda@Edge replicas
How to use the code returned from Cognito to get AWS credentials?
Purpose of Amazon SQS message's body as against message's attributes
How to monitor EC2 instances by memory?
Dynamodb vs Redis
Fail to enable CORS for API Gateway functions
AWS RDS PostgreSQL error "remaining connection slots are reserved for non-replication superuser connections"
AWS DynamoDB Requested resource not found
How to peek at messages in the queue
How do I get data storage used on my AWS RDS?
How to move files from amazon ec2 to s3 bucket using command line

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!