Heimdal
Cyber researchers discovered last year that four of Microsoft Azure's services had security issues that made them vulnerable to server-side request forgery (SSRF) attacks.

Two of the vulnerabilities did not require authentication, so threat actors could have exploited them without even having an Azure account.

As soon as researchers flagged Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins as vulnerable, Microsoft reacted and fixed the issues. Until then, however, the vulnerabilities made unauthorized access to cloud resources possible.

What’s the Risk for SSRF Attack Victims

A server-side request forgery attack lets a malicious actor both read and modify internal resources by making the vulnerable server send requests on their behalf. According to researchers:

The discovered Azure SSRF vulnerabilities allowed an attacker to scan local ports, find new services, endpoints, and sensitive files – providing valuable information on possibly vulnerable servers and services to exploit for initial entry and the location of sensitive information to target.

Quick Overview of the Azure Vulnerabilities

  • Unauthenticated SSRF on Azure Digital Twins Explorer

Could be used to obtain a response from any service whose hostname ends in “blob.core.windows[.]net”.

  • Unauthenticated SSRF on Azure Functions

Could be used to access internal endpoints and enumerate local ports.

  • Authenticated SSRF on Azure API Management Service

Could be used to list internal ports and to access private data through a port associated with a source code management service.

  • Authenticated SSRF on Azure Machine Learning Service

Could be used to retrieve data from any endpoint.
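All four findings above share one shape: a service fetches a URL it was handed, so the server either reaches its own internal ports or trusts any host that merely ends with an expected suffix. As an added example (not code from Microsoft or from the researchers), here is a Python validator for outbound URLs that uses an exact-host allowlist and refuses any destination resolving to a loopback, private or link-local address; the allowed hostname and the `resolver` hook are constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Exact hostnames this service may fetch from (constructed example value).
# A suffix check such as host.endswith("blob.core.windows.net") would admit
# any other storage account under that domain, which is the Digital Twins issue.
ALLOWED_HOSTS = {"reports.blob.core.windows.net"}
ALLOWED_SCHEMES = {"https"}
ALLOWED_PORTS = {None, 443}


def resolve_all(host):
    """Return every address a hostname resolves to (IPv4 and IPv6)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_internal(ip_str):
    """True for addresses an SSRF should never be allowed to reach."""
    ip = ipaddress.ip_address(ip_str)
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def validate_outbound_url(url, resolver=resolve_all):
    """Return (ok, reason). `resolver` is injectable so tests run offline."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    host = parts.hostname          # already lower-cased by urlsplit
    if host is None:
        return False, "no host"
    if parts.username or parts.password:
        return False, "credentials in URL"
    if host not in ALLOWED_HOSTS:   # exact match, never endswith()
        return False, "host not in allowlist"
    if parts.port not in ALLOWED_PORTS:
        return False, "port not allowed"
    try:
        addrs = resolver(host)
    except socket.gaierror:
        return False, "cannot resolve host"
    # Blocks 127.0.0.1, 10/8, 169.254.169.254 (metadata service), ::1, etc.
    for addr in addrs:
        if is_internal(addr):
            return False, f"resolves to internal address {addr}"
    # Caveat: the fetch must connect to the address validated here, not
    # re-resolve the name, or a DNS rebinding could still reach inside.
    return True, "ok"
```

Pair this with egress firewall rules and a metadata-service guard, since a validator alone cannot stop a redirect or a later re-resolution from pointing inward.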

Mitigation Measures for SSRF Attacks

As a result of the discoveries, cybersecurity researchers came up with a set of recommendations for companies:


Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.
