Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
Cyber researchers discovered last year that four of Microsoft Azure`s Services had security issues that made them vulnerable to server-side request forgery (SSRF) attacks.
Two of the vulnerabilities did not request authentication, so threat actors had the opportunity to exploit them without even having an Azure account.
As soon as researchers flagged Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins as vulnerable, Microsoft reacted and fixed the issues. However, the Azure Services vulnerabilities made gaining unauthorized access to cloud resources possible.
What’s the Risk for SSRF Attacks Victims
A server-side request forgery attack enables the malicious actor to both access and perform changes to internal resources. According to researchers:
The discovered Azure SSRF vulnerabilities allowed an attacker to scan local ports, find new services, endpoints, and sensitive files – providing valuable information on possibly vulnerable servers and services to exploit for initial entry and the location of sensitive information to target,
Quick Overview of The Azure Vulnerabilities
- Unauthenticated SSRF on Azure Digital Twins Explorer
Could be used to obtain a response from any service that ends in “blob.core.windows[.]net”
- Unauthenticated SSRF on Azure Functions
Could be used to access internal endpoints and enumerate local ports.
- Authenticated SSRF on Azure API Management Service
Could be used to list internal ports and access private data through the one related to a source code management service.
- Authenticated SSRF on Azure Machine Learning Service
Could be used to retrieve data from any endpoint.
Mitigation Measures for SSRF Attacks
As a result of the discoveries, cybersecurity researchers came up with a set of recommendations for companies:
- check all input,
- check that all servers are set to allow inbound and outbound traffic only,
- mitigate misconfigurations,
- enforce the principle of least privilege.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.
