ChaosDB: How We Hacked Databases of Thousands of Azure Customers

Presented at Black Hat Europe 2021, Nov. 10, 2021, 11:20 a.m. (40 minutes)

In August 2021, the Wiz Research Team uncovered ChaosDB, a critical cross-tenant vulnerability in Azure Cosmos DB, Azure's flagship managed database service, which is used by countless organizations. This vulnerability is every company's worst nightmare: even a flawlessly configured environment is affected. Easily exploitable, this bug allowed any Azure user to gain full admin access to thousands of customers' databases, including those of Fortune 500 companies, without any authorization.

This is an unprecedented cloud vulnerability, considered to be one of the most severe issues ever disclosed in any major cloud platform, and it raised many questions regarding the security of managed cloud services. Since the vulnerability allowed stealing long-lived secrets of the target database, attackers could use those secrets at their convenience; the only remedy is to rotate the secrets and hope they have not been used already.

In this talk, we take the attacker's point of view and discuss how we exploited a chain of misconfigurations and vulnerabilities in Azure Cosmos DB. From identifying the attack surface to leveraging a complex chain of vulnerabilities that enabled this exploitation, we uncover obscure mechanisms in Azure's internal infrastructure that we managed to leverage to gain the ability to arbitrarily query data from customers' Cosmos DB instances.

Finally, we dive deep into the vulnerability's root cause and describe the potential attack vectors and the best practices learned for building more secure cloud services.

Presenters:

  • Nir Ohfeld - Security Researcher, Wiz
    Nir Ohfeld is a security researcher from Israel. Nir currently does cloud-related security research at Wiz. Nir specializes in the exploitation of web applications, application security and in finding vulnerabilities in complex high-level systems.
  • Sagi Tzadik - Security Researcher, Wiz
    Sagi Tzadik is a security researcher in the Wiz Research Team. Sagi specializes in research and exploitation of web applications vulnerabilities, as well as network security and protocols. He is also a Game-Hacking and Reverse-Engineering enthusiast.
