1
Threat Overview
A security vulnerability in Google API keys allows deleted keys to remain active for up to 23 minutes, potentially enabling unauthorized access. This affects Google Cloud users who rely on API keys for authentication. The attack vector is a timing-based vulnerability in the deletion process.
2
Key Intelligence Points
1. The vulnerability allows deleted API keys to remain active for up to 23 minutes, during which time they can be used for authentication.
2. This affects Google Cloud users who rely on API keys for authentication, potentially leading to unauthorized access.
3. The attack chain involves an API key being deleted but remaining active for a short period, which allows an attacker to use it for malicious purposes.
4. Detection opportunities include monitoring API key usage and looking for suspicious activity during the 23-minute window after deletion.
3
MITRE ATT&CK Techniques
T1190 - Exploit Public-Facing Application
4
Mitigation & Detection
Google Cloud users should implement a 23-minute delay before reusing deleted API keys to prevent unauthorized access.
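The detection opportunity listed under Key Intelligence Points (usage of a key during the 23 minutes after its deletion) comes down to correlating deletion events with later use of the same key. The following is an added example, not part of the original page; the event schema, key IDs and addresses are constructed for illustration and are not a real Google Cloud log format.

```python
from datetime import datetime, timedelta

# Window taken from the page: a deleted key may keep working for up to 23 minutes.
REVOCATION_LAG = timedelta(minutes=23)

# Constructed sample events in a simplified, hypothetical schema (assumption:
# your log pipeline can be normalised to these fields). "action" is "delete" or "use".
SAMPLE_EVENTS = [
    {"ts": "2025-01-10T12:00:00+00:00", "action": "use", "key_id": "key-a", "src": "198.51.100.7"},
    {"ts": "2025-01-10T12:05:00+00:00", "action": "delete", "key_id": "key-a", "src": "admin"},
    {"ts": "2025-01-10T12:09:30+00:00", "action": "use", "key_id": "key-a", "src": "203.0.113.50"},
    {"ts": "2025-01-10T12:27:59+00:00", "action": "use", "key_id": "key-a", "src": "203.0.113.50"},
    {"ts": "2025-01-10T12:40:00+00:00", "action": "use", "key_id": "key-a", "src": "203.0.113.50"},
    {"ts": "2025-01-10T12:10:00+00:00", "action": "use", "key_id": "key-b", "src": "198.51.100.7"},
]


def find_post_deletion_use(events, lag=REVOCATION_LAG):
    """Return one finding for every use of a key after its deletion.

    Uses inside the lag window are labelled "within_window" (the key may still
    have authenticated); later uses are "after_window" (the window has passed,
    but the attempt shows someone still holds the key).
    """
    parsed = sorted(
        ({**e, "ts": datetime.fromisoformat(e["ts"])} for e in events),
        key=lambda e: e["ts"],
    )
    deleted_at = {}  # key_id -> time of the first deletion event seen
    findings = []
    for e in parsed:
        if e["action"] == "delete":
            deleted_at.setdefault(e["key_id"], e["ts"])
        elif e["action"] == "use" and e["key_id"] in deleted_at:
            delay = e["ts"] - deleted_at[e["key_id"]]
            findings.append({
                "key_id": e["key_id"],
                "src": e["src"],
                "seconds_after_delete": int(delay.total_seconds()),
                "status": "within_window" if delay <= lag else "after_window",
            })
    return findings


if __name__ == "__main__":
    for finding in find_post_deletion_use(SAMPLE_EVENTS):
        print(finding)
```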