Cloud security is often a mystery.
Clients blindly trust the cloud providers and their security. If we look at the popular cloud vulnerabilities, we can see that most of them concern the security of the client's applications (that is, misconfigurations or vulnerable applications), and not the cloud provider's infrastructure.
cp<r> (Check Point Research) wanted to break the assumption that cloud infrastructures are secure and conducted research to demonstrate it. In this two-part research (part 1, part 2) we reveal various attack vectors and vulnerabilities we found on the Azure Stack and Azure platforms.
Azure is Microsoft's cloud computing service. Azure Stack is a portfolio of products that extend Azure services and capabilities to any environment, from the datacenter to edge locations and remote offices. The portfolio enables hybrid and edge computing applications to be built, deployed, and run consistently across location boundaries, providing choice and flexibility to address different workloads and diverse organizational needs.
- How we could get screenshots and information about tenants and infrastructure machines in Azure Stack, using a chain of issues we found.
- A critical vulnerability in Azure App Service, which is a platform that allows building and hosting web apps, mobile back ends, and APIs in various programming languages, without managing infrastructure.
Exploiting this vulnerability could allow us to compromise Microsoft's App Service infrastructure. However, exploiting it specifically on a Free/Shared plan (which Microsoft publicly declared it has plans to) could also allow compromising other tenants' apps, data, and accounts, thus breaking the security model of App Service.
The cloud is not a magical place. Despite being perceived as almost shielded, it is ultimately infrastructure and code that can have vulnerabilities – just as we demonstrated in this article and just as we first shared with the Microsoft team.
cp<r> is dedicated to improving and striving towards safer technologies and better-secured infrastructures, and generally to enriching the greater intelligence community. This research is part of these efforts.
The above vulnerabilities were disclosed to Microsoft, fixed, and assigned CVE-2019-1372 and CVE-2019-1234.
Microsoft acknowledged these vulnerabilities were relevant to Azure Cloud and Azure Stack.
When operating in the cloud, enterprises often behave with wild abandon, as if their services were hosted in their basement behind the safety of their trusted gateway. It's easy to forget that while you might be sitting within your enterprise in the office, your device – using your corporate internet connection – is actually communicating with a service that is hosted outside of the organization. The potential costs to businesses are dramatic – phishing schemes and data leaks have cost global brands both in dollar value and reputational value.
Check Point's CloudGuard solutions provide organizations with the visibility, control and confidence they need in order to efficiently and safely operate in the cloud.
To read the full research, go to: https://research.checkpoint.com/