Microsoft warns Azure customers of critical Cosmos DB vulnerability (August 2021)
Microsoft has warned thousands of Azure customers that a now-fixed critical vulnerability found in Cosmos DB allowed any user to remotely take over other users' databases by giving them full admin access without requiring authorization.
"Microsoft has recently become aware of a vulnerability in Azure Cosmos DB that could potentially allow a user to gain access to another customer's resources by using the account's primary read-write key," the company told customers.
Successful exploitation gave access to other users' Cosmos DB credentials, including their primary key, which provided complete and unrestricted remote access to Microsoft Azure customers' databases and accounts.
According to the Wiz research team, the actual number of impacted customers is likely a lot larger as it probably includes most Cosmos DB customers, given that the ChaosDB vulnerability was present and could've been exploited for months before their disclosure.
To mitigate the risk and block potential attacks, Microsoft advises Azure customers to regenerate the Cosmos DB Primary Keys that could've been stolen before the vulnerable feature was disabled.
If you are using the Azure Cosmos DB Core API, consider using the Azure Cosmos DB role-based access control to authenticate your database operations with Azure Active Directory instead of primary/secondary keys.