Researchers from cloud security company Wiz identified a flaw in the Azure cloud platform earlier this month that might allow a remote attacker to take over Cosmos DB instances without authorization and with full administrative access, meaning they could read, write, and delete databases.
“The vulnerability has a trivial exploit that doesn’t require any previous access to the target environment, and impacts thousands of organizations, including numerous Fortune 500 companies,” the researchers, who named the vulnerability ChaosDB, say.
On August 12, Microsoft was notified about the problem, and the vulnerable feature was disabled within 48 hours. However, customers of Cosmos DB should assume they are vulnerable because the vulnerability was accessible for months prior to being revealed, according to Wiz.
To Read More: securityweek