Wiz security researchers managed to break into the control panel of the underlying Azure Cosmos DB hosting service, giving them full read and write permissions across all other customer databases on the same cluster.
With that access, they could obtain a plaintext Master Key “for any version of Cosmos DB running in our cluster” as well as execute arbitrary code in any other customer’s Jupyter Notebook instance.
“Using just one certificate, we managed to authenticate against multiple internal Service Fabric instances [Azure Cosmos] areas accessible from the internet.”
“We were, like, looking for misconfigurations,” one of the Wiz team, researcher Nir Ohfeld, said in an interview with The Register.
“For some unknown reason, the server process for C# specifically is running with root privileges, which means any C# code will be executed as root. We used this misconfiguration to elevate our privileges inside the”.
“Between us, we consider it like escaping the Matrix. We went from managing services to managing services,” says researcher Sagi Tzadik.
Tzadik added that a malicious actor with those keys could even have encrypted every customer database at hand – possibly thousands – with slightly more horizontal movement through the Azure Cosmos management layer.
While the specific vulnerability has now been fixed, the hack revealed poor underlying security practices in Microsoft’s Azure, the company’s crown jewel, trusted by spy agencies and governments.
You can read the full write-up of the hack on Wiz’s website here.
https://mspoweruser.com/hackers-manage-to-infiltrate-microsofts-azure-cosmos-db-database-reveal-poor-security-practices/ | Hackers managed to break Microsoft’s Azure Cosmos DB cluster, revealing poor security methods