Azure admins warned to disable shared key access as backdoor attack detailed
2023-04-11 13:00

A design flaw in Microsoft Azure - that shared key authorization is enabled by default when creating storage accounts - could give attackers full access to your environment, according to Orca Security researchers.

"Similar to the abuse of public AWS S3 buckets seen in recent years, attackers can also look for and utilize Azure access keys as a backdoor into an organization," Orca's Roi Nisimi said.

At some later date, Redmond says new storage accounts will have shared key and shared access signature authorization disabled by default, but there's no word on when that will happen.

As both Nisimi and Microsoft note, there's a connection between Azure Storage and Azure Functions, which is the cloud provider's serverless service.

The storage account of a Function App can be found inside the AzureWebJobsStorage environment variable under Application Settings, which includes a connection string to the storage account, together with one of the storage account keys.

In the meantime, Microsoft suggests customers check out its update on how to enforce the use of identity-based authorization for Storage using Azure Policy.
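
A defender-side audit of the two conditions described above, added here as an example and not taken from the article, Orca or Microsoft: it lists storage accounts where shared key authorization is still on and Function Apps whose AzureWebJobsStorage setting embeds an account key. The account names, app names and key are constructed placeholders; the `allowSharedKeyAccess` field (with null treated as enabled) and the identity-based `AzureWebJobsStorage__accountName` setting are assumptions about the exported data, not details from the article.

```python
import json

# Constructed sample shaped like trimmed `az storage account list` output.
ACCOUNTS = json.loads("""[
  {"name": "legacyfuncstore", "allowSharedKeyAccess": null},
  {"name": "explicitkeys",    "allowSharedKeyAccess": true},
  {"name": "hardenedstore",   "allowSharedKeyAccess": false}
]""")

# Constructed Function App application settings; the key is a placeholder.
APP_SETTINGS = {
    "func-orders": {"AzureWebJobsStorage": (
        "DefaultEndpointsProtocol=https;AccountName=legacyfuncstore;"
        "AccountKey=PLACEHOLDERKEY==;EndpointSuffix=core.windows.net")},
    "func-billing": {"AzureWebJobsStorage__accountName": "hardenedstore"},
}

def parse_connection_string(value):
    """Split 'Key=Value;...' pairs; values may contain '=' (base64 padding)."""
    fields = {}
    for segment in value.split(";"):
        key, sep, val = segment.partition("=")
        if sep:
            fields[key.strip().lower()] = val.strip()
    return fields

def accounts_allowing_shared_key(accounts):
    """A null or missing allowSharedKeyAccess means shared key is still on."""
    return sorted(a["name"] for a in accounts
                  if a.get("allowSharedKeyAccess") is not False)

def apps_with_embedded_secret(app_settings):
    """Map each app whose AzureWebJobsStorage embeds a key or SAS to its account."""
    findings = {}
    for app, settings in app_settings.items():
        fields = parse_connection_string(settings.get("AzureWebJobsStorage", ""))
        if "accountkey" in fields or "sharedaccesssignature" in fields:
            findings[app] = fields.get("accountname", "<unknown>")
    return findings

def report():
    """Per flagged app: (storage account, whether shared key auth is still on)."""
    exposed = set(accounts_allowing_shared_key(ACCOUNTS))
    return {app: (acct, acct in exposed)
            for app, acct in apps_with_embedded_secret(APP_SETTINGS).items()}

if __name__ == "__main__":
    print("Shared key enabled:", accounts_allowing_shared_key(ACCOUNTS))
    for app, (acct, still_on) in report().items():
        print(f"{app}: key in app settings for {acct}, shared key on={still_on}")
```
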


News URL

https://go.theregister.com/feed/www.theregister.com/2023/04/11/orca_azure_access_keys/