Home News Security Flaw in Microsoft Azure Lets Hackers Control Azure Accounts

Security Flaw in Microsoft Azure Lets Hackers Control Azure Accounts

December 5, 2019

Security analysts from cybersecurity firm CyberArk recently found a critical vulnerability in Microsoft Azure that allows attackers to take control over Microsoft Azure user accounts.

The vulnerability, dubbed as BlackDirect, specifically impacts Microsoft’s OAuth 2.0 applications, according to researchers. It’s said that Microsoft’s OAuth 2.0 applications allegedly allow malicious attackers to access and control a victim’s Azure account and create the Token with the victim’s permissions.

About OAuth

OAuth is a commonly used protocol for authorization for end-users to grant websites or applications access to their information. Most companies use OAuth to permit users to share information about their accounts with third-party applications.

OAuth 2.0 is the next generation of the OAuth protocol that allows third-party applications to grant limited access to an HTTP service.

The BlackDirect Vulnerability

According to CyberArk, anyone can be registered to OAuth applications, as they trust domains and sub-domains that are not registered on Microsoft. Researchers found that this factor makes it possible to get the user’s permission, including gaining access to Azure resources, and Active Directory resources.

Researchers stated that the impact of the BlackDirect vulnerability attack can be very powerful. If exploited, the victim might suffer theft of sensitive data, compromised production servers, manipulation of data, and encryption of all the organization’s data with ransomware.

“If an attacker gains control of the domains and URLs Microsoft trusts, Microsoft’s published applications makes it possible for the attacker to lead victims to automatically generate access tokens with their permissions. All the attacker must do is get their victims to click on a link or visit a compromised website, which can be done easily with simple social engineering techniques,” the researchers stated.

Mitigating Risks

CyberArk also listed a few steps to mitigate risks and prevent vulnerabilities, which include:

Removing unnecessary redirect.
Make sure that all the trusted redirect URIs configured in the application are under your ownership.
Make sure the permissions that the OAuth application asks for are the least privileged one it needs.
Disabling non-used applications.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Security Intelligence Report: CISO Point of View – Analysis of Storage & Backup Security in the Financial Services & Banking Sector

3 Digital Assets That Are High in Demand on Dark Web Forums

Why Every Business Needs a Cybersecurity Incident Response Team

Cybersecurity Awareness Month 2021: Here’s What the Experts Have to Say

Three Steps to Bridge the Network and Security Divide