Microsoft on Thursday warned its cloud computing customers of a critical security flaw in Microsoft Azure that could have exposed their cloud-based datasets.
The Wiz security research team reported a critical security flaw in Microsoft Azure's Cosmos DB database service. Through the vulnerability, the researchers could gain full, unrestricted access to the accounts and databases of several Microsoft Azure customers.
Although most cloud database exposures are caused by customers' own misconfigurations, this one stems from default settings that affected all Cosmos DB users. Dubbed ChaosDB by Wiz, the vulnerability arises from a chain of flaws in a Cosmos DB feature that together create a loophole allowing any user to manipulate, delete or download other customers' data.
Specifically, the vulnerability lies in the Jupyter Notebook feature of Cosmos DB, which lets database users visualize their data through customized views. A chain of misconfigurations in this feature allowed attackers to capture Cosmos DB primary keys and gain unauthorized access to other customers' datasets. No further details about ChaosDB are available at present, but Wiz has announced that additional technical details will be shared soon.
After being informed of the critical Cosmos DB vulnerability, Microsoft took immediate action and disabled the vulnerable notebook feature, which had been turned on by default for all Cosmos DB users since February 2021. Microsoft also emailed customers to warn them of the newly discovered cloud database vulnerability and asked them to change the primary keys of their databases. In the email, Microsoft noted that it had no evidence the flaw had been exploited by external parties.
An attacker with a Cosmos DB account could use the captured primary keys to gain full, unauthorized administrative access to any customer's database. With that access, the other customers' datasets could be deleted, altered or downloaded.
Microsoft has disabled the vulnerable notebook feature to prevent exploitation of ChaosDB. However, Cosmos DB users should still change their primary keys immediately, since the keys were potentially exposed up until the moment the notebook feature was disabled.
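The remediation step above, regenerating the Cosmos DB keys, as an added example that is not part of the original article or of Microsoft's own guidance: a bash script around the Azure CLI's `az cosmosdb keys regenerate` command. It assumes `az login` has already been done with rights on the account; the account and resource-group names are placeholders.

```shell
#!/usr/bin/env bash
# Added example, not from the article or from Microsoft's guidance: rotate one
# Cosmos DB key kind with the Azure CLI (az cosmosdb keys regenerate).
# Assumes `az login` has been done with rights on the account; the account and
# resource-group names are placeholders, override them with COSMOS_ACCOUNT/COSMOS_RG.
# Usage: rotate.sh <primary|secondary|primaryReadonly|secondaryReadonly> [--run]
# Without --run the command is only printed, so nothing changes by accident.
set -euo pipefail

ACCOUNT="${COSMOS_ACCOUNT:-my-cosmos-account}"    # placeholder
RESOURCE_GROUP="${COSMOS_RG:-my-resource-group}"  # placeholder
DRY_RUN=1
if [ "${2:-}" = "--run" ]; then DRY_RUN=0; fi

# The other key of the pair: clients move onto it while its sibling is replaced,
# so a valid key is in use at every step and the rotation causes no outage.
counterpart() {
    case "$1" in
        primary)           echo secondary ;;
        secondary)         echo primary ;;
        primaryReadonly)   echo secondaryReadonly ;;
        secondaryReadonly) echo primaryReadonly ;;
        *) echo "unknown key kind: $1" >&2; return 1 ;;
    esac
}

# Invalidate one key kind and issue a fresh one. Echoes the command in dry-run
# mode, executes it otherwise; the old key stops working as soon as az returns.
regenerate_key() {
    local kind="$1"
    local cmd=(az cosmosdb keys regenerate --name "$ACCOUNT"
               --resource-group "$RESOURCE_GROUP" --key-kind "$kind")
    if [ "$DRY_RUN" = "1" ]; then
        echo "${cmd[*]}"
    else
        command -v az >/dev/null || { echo "az CLI not found" >&2; return 1; }
        "${cmd[@]}" >/dev/null
    fi
}

main() {
    local kind="${1:-primary}" other
    other="$(counterpart "$kind")"
    echo "Clients should be on the $other key while $kind is regenerated." >&2
    regenerate_key "$kind"
    echo "Then move clients to the new $kind key and rotate $other the same way." >&2
}

main "$@"
```

Run it once per key kind, starting with the primary key the flaw exposed, and move clients onto the counterpart key between runs.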
"I've come to the conclusion that if you give a data point to a company, they will eventually sell it, leak it, lose it or get hacked and relieved of it. There really don't seem to be any exceptions, and it gets depressing."
Brian Krebs
References to Advisories, Solutions and Tools
- Wiz Security Blog on ChaosDB