Skip to content

Azure Database Service Flaw Could Affect Thousands of Firms

Hacker Coding At Night

A vulnerability in Microsoft Azure’s database service Cosmos DB has potentially put at risk thousands of Azure customers, including many Fortune 500 companies, according to the public cloud infrastructure security firm Wiz.

Wiz says the vulnerability, discovered two weeks ago, enabled researchers to gain unrestricted access to the accounts and databases of several thousand Microsoft Azure customers.

On Thursday – the same day Wiz published its blog post describing the vulnerability – Microsoft sent an email to its cloud computing customers, stating that it had been made aware of vulnerability on Aug. 12 and took steps to mitigate it, Wiz reports. “We are not aware of any data access because of this vulnerability,” said the note, a screenshot of which was tweeted by Wiz cloud security researcher Sagi Tzadik.

Wiz says that “a series of flaws in a Cosmos DB feature created a loophole, allowing any user to download, delete or manipulate a massive collection of commercial databases, as well as read-write access to the underlying architecture of Cosmos DB.”

The researchers named this vulnerability #ChaosDB. “Exploiting it was trivial and required no other credentials,” they say.

When asked by Information Security Media Group for comment, Microsoft responded: “We fixed this issue immediately to keep our customers safe and protected. We thank the security researchers for working under Coordinated Vulnerability Disclosure.”

(Link to the Article)

Join our newsletter

Schedule a Demo with the Baffle team

Meet with Baffle team to ask questions and find out how Baffle can protect your sensitive data.

Easy

No application code modification required

Fast

Deploy in hours not weeks

Comprehensive

One solution for masking, tokenization, and encryption

Secure

AES cryptographic protection

Flexible

No impact to user experience