Microsoft Azure customers have been informed of a newly found critical bug in Cosmos DB that enables intruders to remotely take control over databases by giving them complete admin access with no authorization requested.
Anyone can read, change, or delete databases as they please, according to Microsoft.
This month, cybersecurity researchers at the cloud security company Wiz have noticed they could have obtained access to the primary read-write key for most users of the Cosmos DB database system, which allowed them to steal, modify, or get rid of millions of databases.
Following the Wiz warning on 12 August 2021, Microsoft has immediately disabled the vulnerable feature, informed more than 30% of the potentially impacted individuals, and urged them to change their keys.
Microsoft has recently become aware of a vulnerability in Azure Cosmos DB that could potentially allow a user to gain access to another customer’s resources by using the account’s primary read-write key. This vulnerability was reported to us in confidence by an external security researcher. Once we became aware of this issue on 12 August 2021, we mitigated the vulnerability immediately.
What Data Has Been Accessed in the Microsoft Azure Incident?
According to the tech giant, there’s no evidence showing that cybercriminals have used the vulnerability to access customer data.
WIZ researchers stated that all a threat actor has to do is to take advantage of a chain of flaws in Cosmos DB’s Jupyter Notebook that is created to help users view their data.
Once an intruder has access to the Jupyter Notebook, they can get the victims’ Cosmos DB account credentials including their primary key. Having these credentials, a threat actor can obtain full unrestricted remote access to Microsoft Azure users’ accounts and databases.
Even if no data has been accessed during this incident, Microsoft customers are recommended to regenerate their primary read-write keys that could’ve been stolen before the vulnerability was patched.
Here you can find all the steps recommended by Microsoft that you need to take in order to secure your Azure Cosmos DB database.
While Microsoft declares that the vulnerability has been immediately fixed, and no data was stolen, WIZ researchers have some serious doubts regarding the data exposure. They stated that “the bug has been exploitable for months and every Cosmos DB customer should assume they’ve been exposed.”