Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft

Aug 06, 2025 | Ravie Lakshmanan | DevOps / Container Security

What’s new: Researchers have identified a vulnerability in Amazon Elastic Container Service (ECS), dubbed “ECScape,” that allows a low-privileged container to hijack the IAM credentials of higher-privileged containers running on the same EC2 instance. An attacker controlling such a container could use the stolen credentials for lateral movement and to access sensitive data within the cloud environment.

Who’s affected

Organizations using Amazon ECS on shared EC2 instances are at risk, particularly those running containers with varying privilege levels on the same host.

What to do

  • Avoid deploying high-privilege tasks alongside untrusted or low-privilege tasks on the same EC2 instance.
  • Consider using AWS Fargate for improved task isolation.
  • Disable or restrict access to the instance metadata service (IMDS) for tasks.
  • Limit permissions for the ECS agent.
  • Set up CloudTrail alerts to monitor unusual usage of IAM roles.
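The last item above is the detection side of the response. The following is an added example, not code from the article or from AWS: it walks constructed CloudTrail records, extracts the ECS task role from each `AssumedRole` identity, and flags any API action that the role's baseline (also constructed here) does not expect. Stolen task-role credentials keep the victim's role and session name, so baselining actions per role is more useful than looking at session names.

```python
"""Flag CloudTrail events in which an ECS task role is used outside its
expected set of API actions. Role names, baselines and events below are
constructed for illustration and are not taken from the article."""
import json

# Constructed baseline: the API actions each task role is expected to call.
EXPECTED_ACTIONS = {
    "ecs-payments-task-role": {"dynamodb:GetItem", "dynamodb:PutItem"},
    "ecs-web-task-role": {"s3:GetObject"},
}

def role_from_arn(arn):
    """Return the role name from an STS assumed-role ARN, else None.
    Format: arn:aws:sts::<account>:assumed-role/<role>/<session-name>"""
    parts = arn.split(":assumed-role/", 1)
    if len(parts) != 2:
        return None
    return parts[1].split("/", 1)[0]

def action_of(event):
    """Build 'service:EventName', e.g. 'iam:ListUsers' from iam.amazonaws.com."""
    service = event["eventSource"].split(".", 1)[0]
    return f"{service}:{event['eventName']}"

def find_anomalies(events, baseline=EXPECTED_ACTIONS):
    """Return one finding per event whose role is baselined but whose
    action is not in that role's expected set."""
    findings = []
    for ev in events:
        ident = ev.get("userIdentity", {})
        if ident.get("type") != "AssumedRole":
            continue  # only task roles (assumed via STS) are of interest here
        role = role_from_arn(ident.get("arn", ""))
        if role not in baseline:
            continue  # unknown role: no baseline, handled elsewhere
        action = action_of(ev)
        if action not in baseline[role]:
            findings.append({"role": role, "action": action,
                             "sourceIPAddress": ev.get("sourceIPAddress"),
                             "eventTime": ev.get("eventTime")})
    return findings

# Constructed sample: two expected calls and one out-of-baseline call.
SAMPLE_EVENTS = json.loads("""[
 {"eventTime":"2025-08-06T10:00:01Z","eventSource":"dynamodb.amazonaws.com","eventName":"GetItem","sourceIPAddress":"10.0.1.5","userIdentity":{"type":"AssumedRole","arn":"arn:aws:sts::123456789012:assumed-role/ecs-payments-task-role/1a2b3c"}},
 {"eventTime":"2025-08-06T10:00:02Z","eventSource":"s3.amazonaws.com","eventName":"GetObject","sourceIPAddress":"10.0.1.5","userIdentity":{"type":"AssumedRole","arn":"arn:aws:sts::123456789012:assumed-role/ecs-web-task-role/4d5e6f"}},
 {"eventTime":"2025-08-06T10:00:03Z","eventSource":"iam.amazonaws.com","eventName":"ListUsers","sourceIPAddress":"10.0.1.5","userIdentity":{"type":"AssumedRole","arn":"arn:aws:sts::123456789012:assumed-role/ecs-payments-task-role/1a2b3c"}}
]""")

if __name__ == "__main__":
    for f in find_anomalies(SAMPLE_EVENTS):
        print(f)
```

In a real deployment the baseline would come from observed history or from the role's IAM policy, and the findings would feed an alerting rule rather than stdout.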

Sources