Researchers have created a proof-of-concept attack that allows unauthenticated adversaries to extract user credentials from misconfigured reverse proxy servers in order to delete, manipulate or extract data from websites and applications.
The PoC targets APIs that provide access to the metadata associated with identity services such as AWS' Identity and Access Management (IAM), Microsoft's Azure Managed Service Identity (MSI), and Google Cloud IAM.
In the PoC attack, the researchers created a typical configuration for a web server or application server fronted by a reverse proxy running a default NGINX installation. NGINX is web server software that can also act as a reverse proxy, that is, a server that retrieves resources from one or more back-end servers on behalf of a client.