Huge Cloud Vulnerability Found in Microsoft Azure

Teodora Dobrilova
Teodora Dobrilova

Updated · Feb 21, 2022

SHARE:

Techjury is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more.

This month, researchers discovered a dangerous security vulnerability in Microsoft Azure, that could give cybercriminals admin access to all user databases in Cosmos DB.

The Issue

Researches from the security company Wiz found that it is easy for one to gain the primary keys to all databases. This gives cybercriminals the ability to read, change or delete information.

The vulnerability might have been present since the 2019 release of Jupyter Notebook. The researchers called it ChaosDB.

Wiz CTO and former chief technology officer at Microsoft's Cloud Security Group Ami Luttwak said: "This is the worst cloud vulnerability you can imagine. It is a long-lasting secret. This is the central database of Azure, and we were able to get access to any customer database that we wanted".

Microsoft’s Actions

Microsoft, however, cannot change the access keys. So, it sent mass emails to potentially affected customers to warn them about the issue.

The company also fixed the configuration mistake, which was the root of the issue.

"Our investigation shows no unauthorized access other than the researcher activity. Notifications have been sent to all customers that could be potentially affected due to researcher activity," Microsoft announced. 

The Statistics

The case should serve as a warning for all database software users. 

Statistics also show that:

Vulnerabilities similar to ChaosDB are just giving hackers the upper hand.

SHARE:

Teodora Dobrilova

Teodora Dobrilova

Teodora devoted her whole life to words – reading, writing and trying to be original on social media. She got certified in digital marketing but still feels she’s not cool enough to be an influencer. (We all disagree – she influences the team pretty well.) She finished a master’s degree focused in Literature, Publishing, Mass Media. Her hobbies include traveling, and reading. Teddy hopes that yoga will be the thing to finally teach her some patience and show her the path toward world domination. Maybe modern tech can also help her with that.

Leave your comment

Your email address will not be published.