A major Azure cloud database vulnerability led to complete data expose

The ChaosDB flaw may have existed since 2019 and affected the entire database

Researchers discovered a serious security flawThe attacker can gain access to all of the databases stored on the Cosmos DB service.

Anyone using NoSQL databases on Microsoft's Azure cloud is probably running Cosmos DB. If that's the case, every user is in potential danger as tech giant Microsoft admitted that a freshly discovered new critical vulnerability named Chaos DB could enable potential intruders to read, change and even delete all users' databases. A cloud security firm called WIZ was the one to discover this major security flaw and the firm's experts state that such a problem is very hazardous.[1]

According to WIZ, every Cosmos DB account that uses the notebook feature, or that was created after January 2021, is potentially at risk.[2] Moreover, this flaw could give any Azure user full admin access to another customer's Cosmos DB instances without any type of authorization. This trivial exploit that doesn't require any previous access to the target environment, could just impact thousands of organizations, including numerous Fortune 500 companies.

Microsoft publicly announced the most recent issue and added that a user could gain access to another customer's resources by using the account's primary read-write key. The company also detailed that vulnerability was reported to them in confidence by an external security researcher on August 12th and after that, all actions were taken to immediately mitigate the threatening flaw.

The vulnerability has been exploitable for months

Among the Azure Cosmos DB, clients are some major global names like Coca-Cola, Liberty Mutual Insurance, ExxonMobil, and Walgreens. This vulnerability left more than 3,300 Azure customers open to complete unrestricted access by attackers. The problem here is the act that even if Microsoft disabled the vulnerability quickly after the WIZ report, Microsoft can’t change its customers’ primary access keys.[3]

Taking all steps of the precaution, Microsoft emailed Cosmos DB customers to manually change their keys in order to mitigate exposure. However, all of the companies' actions could be taken a little too late. Experts believe that the vulnerability has been exploitable for months and every Cosmos DB customer should assume they've been exposed. This puts a lot of people across the globe in very difficult situations.[4]

With that in mind, Microsoft also recommends to reviews all past activity on their Cosmos DB accounts. A company is now concerned with this security issue, it even requested more detailed analysis but researchers have not yet released any new technical information regarding the ChaosDB flaw. However, the company is said to publish a full detailed technical paper and share it publicly.

Data security flaws could cause major problems

Data is a very critical asset of any company or even individual being. In the business world, every customer could be linked with a significant amount of personal data that could cause problems if gotten into the wrong hands. As data is stored in databases it's utter important to take all steps to protect all critical information and data security should be the goal of any database management system and company altogether.

As recent information shows that no evidence of exploit has been found, the Microsoft Azure cloud situation could be a good lesson to pay more attention to data security. It is also important to pay its dues to researchers and experts as if not them, such flaws wouldn't be discovered. In this situation, it is reported that Microsoft agreed to pay Wiz $40,000 for sharing the information about the flaw.[5]

About the author
Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.

Contact Ugnius Kiguolis
About the company Esolutions