Azure Cosmos DB Vulnerability Allowed Unauthorized Access


A newly disclosed vulnerability in Microsoft Corp.’s Azure Cosmos DB was found to allow an attacker access without authentication under certain conditions.

The vulnerability is known as “CosMiss,” according to security researchers at Orca Security Ltd. It becomes exploitable if an attacker knows a Cosmos DB Notebook’s “forwarding,” which is the globally unique identifier of the Notebook Workspace. With this information, the attacker would have complete access to the Notebook without authentication, including read and write access and the ability to inject or overwrite code to achieve remote code execution.


Azure Cosmos DB, Microsoft’s fast NoSQL database, is used by the retail sector to store catalog data and by Microsoft in its own e-commerce platforms.
