Researchers have disclosed an attack technique against Amazon ECS, dubbed ECScape, that allows AWS credentials to be stolen across different tasks running on the same host.
Cybersecurity researchers have unveiled an “end-to-end privilege escalation chain” within Amazon Elastic Container Service (ECS) that attackers could exploit to move laterally, access sensitive data, and take control of cloud environments. The technique, dubbed ECScape by Sweet Security researcher Naor Haziz, was presented at the Black Hat USA security conference in Las Vegas. Haziz said the team found a way to abuse an undocumented internal ECS protocol to capture the AWS credentials of other ECS tasks running on the same EC2 instance: a malicious container holding only a low-privileged IAM (Identity and Access Management) role can acquire the permissions of a higher-privileged container on the same host.
The technique identified by Sweet Security lets a low-privileged task on an ECS container instance hijack the IAM privileges of a more privileged task on the same host by stealing that task’s credentials. Tasks normally receive their credentials from the ECS credential endpoint at 169.254.170[.]2, which serves temporary credentials bound to the task’s IAM role. That endpoint is designed to deliver credentials securely at runtime, but the credentials it serves are fetched by the ECS agent from the ECS control plane, and the agent authenticates to the control plane with the EC2 instance’s own IAM role. If that agent identity leaks, an attacker can impersonate the agent and obtain the credentials of every task on the host. ECScape chains exactly that: a compromised container obtains the host’s instance role credentials (via the instance metadata service, which containers can reach unless the host is configured to block them), discovers the ECS control plane endpoint, and opens a connection that mimics the agent’s expected behaviour, so the control plane hands it the IAM role credentials of all tasks scheduled on that EC2 instance. The container can then act with those elevated privileges, undermining the trust boundary that per-task IAM roles are meant to provide.
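The exposure described above has two preconditions a defender can inventory: tasks with different IAM roles co-scheduled on one EC2 instance, and containers on that instance able to reach the instance metadata service (and so the instance role). The script below is an added example, not code from the article or from Sweet Security. It audits constructed, simplified records that stand in for the output of `ecs describe-tasks`, `ecs describe-task-definition` (for `taskRoleArn`) and `ec2 describe-instances` (the real `MetadataOptions` field names are used, but the records are made up). The `instanceId` and `taskRoleArn` fields are assumed to have been joined already; the heuristic for IMDS reachability covers bridge-mode containers only, since blocking IMDS for awsvpc-mode tasks is an agent setting (`ECS_AWSVPC_BLOCK_IMDS`) that this data does not show.

```python
"""Audit ECS container instances for ECScape-style exposure (added example, constructed data)."""
from collections import defaultdict

# Constructed sample: which tasks run on which EC2 instance, and with which task role.
TASKS = [
    {"taskArn": "arn:aws:ecs:us-east-1:111111111111:task/demo/a1",
     "instanceId": "i-0aaa", "taskRoleArn": "arn:aws:iam::111111111111:role/web-low"},
    {"taskArn": "arn:aws:ecs:us-east-1:111111111111:task/demo/b2",
     "instanceId": "i-0aaa", "taskRoleArn": "arn:aws:iam::111111111111:role/payments-admin"},
    {"taskArn": "arn:aws:ecs:us-east-1:111111111111:task/demo/c3",
     "instanceId": "i-0bbb", "taskRoleArn": "arn:aws:iam::111111111111:role/web-low"},
    {"taskArn": "arn:aws:ecs:us-east-1:111111111111:task/demo/d4",
     "instanceId": "i-0bbb", "taskRoleArn": "arn:aws:iam::111111111111:role/web-low"},
]

# Constructed sample: EC2 MetadataOptions per instance (field names as in describe-instances).
INSTANCES = {
    "i-0aaa": {"HttpEndpoint": "enabled", "HttpTokens": "optional", "HttpPutResponseHopLimit": 2},
    "i-0bbb": {"HttpEndpoint": "enabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 1},
}


def mixed_privilege_hosts(tasks):
    """Return {instanceId: sorted roles} for hosts whose tasks use more than one IAM role.

    A host like that is the precondition for ECScape: the least-privileged task
    on it can end up holding every co-located task's credentials. A task with no
    task role still counts as a distinct (lower) privilege level.
    """
    roles = defaultdict(set)
    for t in tasks:
        roles[t["instanceId"]].add(t.get("taskRoleArn") or "<no task role>")
    return {inst: sorted(r) for inst, r in roles.items() if len(r) > 1}


def imds_reachable_from_bridge_containers(opts):
    """Heuristic: can a bridge-mode container on this instance reach IMDS and the instance role?

    IMDSv1 (HttpTokens=optional) answers plain GETs from any network namespace.
    IMDSv2 with HttpPutResponseHopLimit=1 drops the token response before it
    crosses the docker bridge, which is one extra hop; a higher limit lets it through.
    """
    if opts.get("HttpEndpoint") == "disabled":
        return False
    if opts.get("HttpTokens") != "required":
        return True  # IMDSv1 allowed: no token needed, containers can fetch the instance role
    return opts.get("HttpPutResponseHopLimit", 1) > 1


def audit(tasks, instances):
    """Combine both checks into a list of findings, one per mixed-privilege host."""
    findings = []
    for inst, roles in mixed_privilege_hosts(tasks).items():
        opts = instances.get(inst, {})
        findings.append({
            "instanceId": inst,
            "roles": roles,
            "imds_reachable": imds_reachable_from_bridge_containers(opts),
        })
    return sorted(findings, key=lambda f: f["instanceId"])


if __name__ == "__main__":
    for f in audit(TASKS, INSTANCES):
        severity = "HIGH" if f["imds_reachable"] else "MEDIUM"
        print(f"{severity} {f['instanceId']}: {len(f['roles'])} distinct task roles co-located, "
              f"IMDS reachable from containers={f['imds_reachable']}")
```

A finding rated HIGH here means the full chain is plausible on that host: a low-privileged task can fetch the instance role and impersonate the agent. MEDIUM hosts still co-locate different trust levels, which is worth fixing with placement constraints or separate clusters, since a hardened IMDS only closes the credential-leak step this particular heuristic looks at.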