
Extreme Vulnerabilities Reported in Microsoft Azure Bastion and Container Registry

by crpt os


Jun 14, 2023 | Ravie Lakshmanan | Cloud Security / Vulnerability

Two “dangerous” security vulnerabilities have been disclosed in Microsoft Azure Bastion and Azure Container Registry that could have been exploited to carry out cross-site scripting (XSS) attacks.

“The vulnerabilities allowed unauthorized access to the victim’s session within the compromised Azure service iframe, which can lead to severe consequences, including unauthorized data access, unauthorized modifications, and disruption of the Azure services iframes,” Orca security researcher Lidor Ben Shitrit said in a report shared with The Hacker News.

XSS attacks take place when threat actors inject arbitrary code into an otherwise trusted website, which then gets executed each time unsuspecting users visit the site.

The two flaws identified by Orca leverage a weakness in how the iframes handle postMessage, the mechanism that enables cross-origin communication between Window objects.


This meant that the shortcoming could be abused to embed endpoints within remote servers using the iframe tag and ultimately execute malicious JavaScript code, leading to the compromise of sensitive data.

However, in order to exploit these weaknesses, a threat actor would have to conduct reconnaissance on different Azure services to single out vulnerable endpoints embedded within the Azure portal that may have missing X-Frame-Options headers or weak Content Security Policies (CSPs).

“Once the attacker successfully embeds the iframe in a remote server, they proceed to exploit the misconfigured endpoint,” Ben Shitrit explained. “They focus on the postMessage handler, which handles remote events such as postMessages.”

By analyzing the legitimate postMessages sent to the iframe from portal.azure[.]com, the adversary could subsequently craft appropriate payloads by embedding the vulnerable iframe in an actor-controlled server (e.g., ngrok) and creating a postMessage handler that delivers the malicious payload.

Thus when a victim is lured into visiting the compromised endpoint, the “malicious postMessage payload is delivered to the embedded iframe, triggering the XSS vulnerability and executing the attacker’s code within the victim’s context.”
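The two controls named above, framing restrictions (X-Frame-Options or CSP) and the postMessage handler, seen from the defender's side. This is an added example, not code from Orca's report or from Microsoft; the function names, the `setTitle` message shape and the sample origins are assumptions made for illustration.

```javascript
// Added example; every name and sample value here is constructed.

// True when the response headers allow any origin to frame the page.
function isFrameableByAnyOrigin(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const directive = (h['content-security-policy'] || '')
    .split(';')
    .map((d) => d.trim().split(/\s+/))
    .find((d) => d[0].toLowerCase() === 'frame-ancestors');
  if (directive) {
    // When present, frame-ancestors overrides X-Frame-Options.
    // Flag "*", a bare scheme such as "https:", or "https://*".
    return directive.slice(1).some((s) => /^(\*|https?:(\/\/\*)?)$/i.test(s));
  }
  // ALLOW-FROM is obsolete and ignored by current browsers, so only
  // DENY and SAMEORIGIN count as protection.
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  return xfo !== 'DENY' && xfo !== 'SAMEORIGIN';
}

// Builds a "message" listener that drops events from unlisted origins and
// accepts only one fixed message shape (hypothetical: { type, text }).
function createMessageHandler(allowedOrigins, onAccepted) {
  const allowed = new Set(allowedOrigins);
  return function handle(event) {
    // Exact string match on the origin; no prefix or substring checks.
    if (!allowed.has(event.origin)) return false;
    const msg = event.data;
    if (msg === null || typeof msg !== 'object') return false;
    if (msg.type !== 'setTitle' || typeof msg.text !== 'string') return false;
    if (msg.text.length > 200) return false;
    // The caller should render this with textContent, never innerHTML.
    onAccepted(msg.text);
    return true;
  };
}

// In a browser the listener would be registered with:
//   window.addEventListener('message', createMessageHandler([...], fn));
```

An endpoint that is meant to be framed only by its own portal would pair a restrictive `frame-ancestors` list with a handler like this one, so that a page embedding it from elsewhere can neither frame it nor get a message accepted.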


In a proof-of-concept (PoC) demonstrated by Orca, a specially crafted postMessage was found to be able to manipulate the Azure Bastion Topology View SVG exporter or Azure Container Registry Quick Start to execute an XSS payload.

Following responsible disclosure of the flaws on April 13 and May 3, 2023, Microsoft rolled out security fixes to remediate them. No further action is required on the part of Azure users.

The disclosure comes more than a month after Microsoft plugged three vulnerabilities in the Azure API Management service that could be abused by malicious actors to gain access to sensitive information or backend services.
