A Microsoft Azure configuration error could have opened the door for hackers to reach virtual machines and cloud-based storage buckets.
The vulnerability in the service, which the Redmond firm describes as a comprehensive and ever-expanding set of cloud computing services, was reported by Threatpost based on findings from CyberArk.
During their analysis, experts noted "telemetry reports sent to a non-existent domain and that most of those telemetry requests include access tokens."
In particular, access tokens are "objects that describe the security context of a process or thread," as defined by Microsoft. "The information in a token includes the identity and privileges of the user account associated with the process or the thread," added Threatpost.
The same outlet reported that CyberArk created two proof-of-concept (PoC) exploits against the vulnerability in order to gain control of users' access tokens.
Both take advantage of the error made by Microsoft in the manifest code of their Azure portal (...) The error caused Azure to try to connect to a non-existent hostname urehubs, the researchers detailed.
According to CyberArk, the bug dates back to September 6, 2019, but Microsoft unintentionally fixed it two weeks later as part of a regular platform update.
"With three lines of code, I closed the door on hackers (...). Microsoft managed to mitigate the vulnerability by ensuring that the URL is not just the path, but a full valid URL," the IT security firm detailed.
Threatpost concluded by noting the researchers' emphasis that the vulnerability serves as a precedent for other potential bugs in the cloud, which is why companies need to be vigilant when relying on third-party infrastructure and security.
"Cloud services are excellent options for many companies. However, relying on someone else's infrastructure depends on the security measures of a third party, which can be a risky practice," Tsarfati reflected.