Major service tag security problems reported in Microsoft Azure
- by nlqip
Paul Robichaux, senior director of product management at cloud security vendor Keepit, agreed that Microsoft’s decision not to address the vulnerability was reasonable. “I think Microsoft called this one correctly. This isn’t nothing, but it’s not a big deal either. It is a theoretical vulnerability if you’re using Azure service tags as a single point of control.”
“But if someone walks in your office wearing a polo shirt with your company logo, you don’t automatically give them free run of the place,” Robichaux said. “Trusting service tags as the only control mechanism is the same thing. You could do it, but you wouldn’t. Instead, you’d have other authentication methods used in parallel.”
Exploiting the vulnerability is straightforward
The Tenable report said the potential method for exploiting the vulnerability is straightforward. It noted that multiple Azure services allow customers to craft web requests, some even allowing users to add headers and change HTTP methods.
Source link
lol
Paul Robichaux, senior director of product management at cloud security vendor Keepit, agreed that Microsoft’s decision not to address the vulnerability was reasonable. “I think Microsoft called this one correctly. This isn’t nothing, but it’s not a big deal either. It is a theoretical vulnerability if you’re using Azure service tags as a single point…
Recent Posts
- Arm To Seek Retrial In Qualcomm Case After Mixed Verdict
- Jury Sides With Qualcomm Over Arm In Case Related To Snapdragon X PC Chips
- Equinix Makes Dell AI Factory With Nvidia Available Through Partners
- AMD’s EPYC CPU Boss Seeks To Push Into SMB, Midmarket With Partners
- Fortinet Releases Security Updates for FortiManager | CISA