Microsoft Azure found to have the 'worst cloud vulnerability you can imagine' -- ChaosDB
Security researchers have discovered a serious security vulnerability in Microsoft Azure that could given an attacker unfettered access to any and all of the databases stored on its Cosmos DB service.
Researchers from security firm Wiz found that it is not only possible but trivial to obtain the primary keys to databases. The vulnerability, dubbed ChoasDB, may have existed since the introduction of the Jupyter Notebook back in 2019, and it gives attackers the ability to access, edit and delete data or entire databases. Microsoft is unable to change primary keys itself, and has emailed customers to advise them to do so; but the company has been criticized for failing to contact sufficient numbers of users.