Heimdal Security Blog

Microsoft Azure Services Found Vulnerable to Server-Side Request Forgery Attacks

Security researchers discovered last year that four Microsoft Azure services had flaws that made them vulnerable to server-side request forgery (SSRF) attacks.

Two of the vulnerabilities did not require authentication, so threat actors could have exploited them without even having an Azure account.

As soon as researchers flagged Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins as vulnerable, Microsoft reacted and fixed the issues. Until then, however, these vulnerabilities made unauthorized access to cloud resources possible.

What’s the Risk for SSRF Attack Victims

In a server-side request forgery attack, the attacker abuses a server feature that fetches URLs so that the server makes requests on the attacker’s behalf, which lets the attacker both read and modify internal resources the server can reach. According to researchers:

The discovered Azure SSRF vulnerabilities allowed an attacker to scan local ports, find new services, endpoints, and sensitive files – providing valuable information on possibly vulnerable servers and services to exploit for initial entry and the location of sensitive information to target.


Quick Overview of The Azure Vulnerabilities

Could be used to obtain a response from any service that ends in “blob.core.windows[.]net”

Could be used to access internal endpoints and enumerate local ports.

Could be used to list internal ports and access private data through the one related to a source code management service.

Could be used to retrieve data from any endpoint.
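As an added illustration, not code from the article or from Microsoft, the block below shows how a server-side URL-fetch feature should validate its target: a weak suffix check of the kind the first finding above describes, beside a hardened allowlist check that also refuses IP literals, loopback and private ranges, non-default ports and userinfo tricks. The allowlisted hostname and all addresses are constructed example values.

```python
import ipaddress
from urllib.parse import urlsplit

# Exact hostnames this server is permitted to fetch from (constructed example value).
ALLOWED_HOSTS = {"myaccount.blob.core.windows.net"}
TRUSTED_SUFFIX = "blob.core.windows.net"


def suffix_check_is_allowed(url: str) -> bool:
    """Weak validator: any host whose name merely ends in the trusted suffix passes,
    so a request to any storage account under that suffix is accepted."""
    host = urlsplit(url).hostname or ""
    return host.endswith(TRUSTED_SUFFIX)


def is_internal_ip(addr: str) -> bool:
    """True for loopback, private, link-local and other non-public ranges.
    Apply it to every address DNS resolves for the host, not only to literals,
    so a name that later resolves to an internal address is refused as well."""
    ip = ipaddress.ip_address(addr)
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def hardened_is_allowed(url: str) -> bool:
    """Strict validator: https only, no userinfo, default port, no IP literals,
    and the host must match the allowlist exactly (no suffix matching)."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    if parts.username is not None or parts.password is not None:
        return False                      # "trusted-host@internal-host" confusion
    try:
        port = parts.port                 # raises ValueError on a malformed port
    except ValueError:
        return False
    if port not in (None, 443):
        return False                      # blocks probing of arbitrary local ports
    host = parts.hostname
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return False                      # literal IPs (internal or not) never allowed
    except ValueError:
        pass
    return host.lower() in ALLOWED_HOSTS
```

The hardened check still has to be paired with a resolve-time check of the returned addresses (via is_internal_ip) and with disabling redirects in the HTTP client, since a redirect from an allowlisted host can otherwise point the fetch back at an internal endpoint.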

Mitigation Measures for SSRF Attacks

As a result of the discoveries, cybersecurity researchers came up with a set of recommendations for companies:
