Azure Service Tags Vulnerability Controversy
Date: June 2024
CVE: N/A
Vulnerability Type: Security Misconfiguration
CWE: [[CWE-20]], [[CWE-287]]
Sources: Bleeping Computer
Synopsis
A security vulnerability in Azure Service Tags has been highlighted by Tenable, who identified a risk of data exposure due to how Service Tags handle firewall rules and access control. Microsoft, however, disputes this assessment, clarifying the intended use of Service Tags.
Issue Summary
Tenable's security researchers report what they describe as a high-severity vulnerability in Azure Service Tags: an attacker can impersonate trusted Azure services, bypass firewall rules that allow traffic based on a Service Tag, and reach private data by crafting SSRF-like web requests. Microsoft states that these tags are designed for routing and are not a security boundary; nonetheless, they can be manipulated to impersonate trusted services and access sensitive data.
Technical Key Findings
The technique abuses the "availability test" feature of Azure's Application Insights Availability service. By controlling custom headers and the HTTP requests the test issues, an attacker can bypass network controls that trust a Service Tag as the source, reaching internal services and APIs hosted on common web ports (80/443).
Vulnerable Products
- Azure DevOps
- Azure Machine Learning
- Azure Logic Apps
- Azure Container Registry
- Azure Load Testing
- Azure API Management
- Azure Data Factory
- Azure Action Group
- Azure AI Video Indexer
- Azure Chaos Studio
Impact Assessment
Exploitation of this vulnerability could lead to unauthorized access to sensitive data and internal APIs, potentially exposing internal services to malicious actors. This represents a significant risk, particularly for services relying solely on Service Tags for security.
Patches or Workaround
Microsoft has not issued a patch, asserting that Service Tags are not designed as a security boundary. Microsoft recommends adding authentication and authorization layers to the exposed services. Azure customers should follow Microsoft's updated guidelines and review their network configurations to ensure that no rule relies on a Service Tag alone for access control.
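As an added audit example (not code from the page, Tenable or Microsoft), the check below flags inbound Allow rules in a network security group whose only gate is a Service Tag on ports 80/443, which is exactly the configuration this issue affects. It assumes the flattened field names of `az network nsg rule list` output and runs over a constructed sample rule set.

```python
import ipaddress
import json

# Constructed sample in the shape of `az network nsg rule list` output;
# rule names and addresses are invented for illustration.
SAMPLE_RULES = json.loads("""
[
 {"name": "allow-appinsights-probes", "direction": "Inbound", "access": "Allow",
  "sourceAddressPrefix": "ApplicationInsightsAvailability", "sourceAddressPrefixes": [],
  "destinationPortRange": "443", "destinationPortRanges": []},
 {"name": "allow-azurecloud-web", "direction": "Inbound", "access": "Allow",
  "sourceAddressPrefix": null, "sourceAddressPrefixes": ["AzureCloud.EastUS"],
  "destinationPortRange": null, "destinationPortRanges": ["80", "443"]},
 {"name": "allow-office-cidr", "direction": "Inbound", "access": "Allow",
  "sourceAddressPrefix": "203.0.113.0/24", "sourceAddressPrefixes": [],
  "destinationPortRange": "443", "destinationPortRanges": []},
 {"name": "allow-storage-outbound", "direction": "Outbound", "access": "Allow",
  "sourceAddressPrefix": "*", "sourceAddressPrefixes": [],
  "destinationPortRange": "443", "destinationPortRanges": []}
]
""")

WEB_PORTS = {80, 443}

def is_service_tag(prefix):
    """True for a Service Tag source: anything that is neither '*' nor an IP/CIDR.
    Broad tags such as Internet or VirtualNetwork are flagged as well."""
    if prefix in (None, "*"):
        return False
    try:
        ipaddress.ip_network(prefix, strict=False)
        return False
    except ValueError:
        return True

def web_ports_in(spec):
    """Web ports covered by a port spec such as '80', '80-443' or '*'."""
    if spec == "*":
        return set(WEB_PORTS)
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    return {p for p in WEB_PORTS if lo <= p <= hi}

def find_tag_trusting_rules(rules):
    """Names of inbound Allow rules gated only by a Service Tag on port 80/443."""
    flagged = []
    for r in rules:
        sources = list(r.get("sourceAddressPrefixes") or []) + [r.get("sourceAddressPrefix")]
        specs = list(r.get("destinationPortRanges") or []) + [r.get("destinationPortRange")]
        ports = set().union(*(web_ports_in(s) for s in specs if s))
        if (r["direction"] == "Inbound" and r["access"] == "Allow"
                and any(is_service_tag(s) for s in sources) and ports):
            flagged.append(r["name"])
    return flagged
```

Rules flagged here should gain an authentication or authorization layer on the service itself, as Microsoft recommends, rather than relying on the tag.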
Tags
#Azure #ServiceTags #Vulnerability #SSRF #DataExposure #CloudSecurity #Microsoft #FirewallBypass