ChaosDB: Infosec bods could pull anyone’s plaintext Azure Cosmos DB keys at will from Microsoft admin tools


Black Hat Europe An astonishing piece of vulnerability probing gave infosec researchers a way into Microsoft’s management controls for Azure Cosmos DB – with full read and write privileges over customer databases.

The so-called ChaosDB vuln gave Wiz researchers “access to the control panel of the underlying service” that hosts Azure Cosmos, Microsoft’s managed cloudy SQL database service, they said.

Wiz was able to obtain plaintext Primary Keys “for any Cosmos DB instance running in our cluster” and to execute arbitrary code in any other customer’s Jupyter Notebook instances.

Worse than that, the researcher claimed: “Using just one certificate, we managed to authenticate to internal Service Fabric instances of multiple [Azure Cosmos] regions that were accessible from the internet.” Service Fabric, as Reg readers may know, is Microsoft’s home-grown microservice platform and one of the core services in Azure.

Full details of the vuln chain and pwnage, which The Register first reported in August, were made public
