Orca identifies four Microsoft Azure services susceptible to server-side request forgery

Share post:

Orca, a cloud security firm, has disclosed details on four server-side request forgery (SSRF) vulnerabilities that affects Azure devices like Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins.

Three of the Azure flaws were classified as “Important,” while one was classified as “Low.” Microsoft patched all four SSRF flaws. While two of these flaws could have been exploited without requiring authentication. The four SSRF flaws only affect cloud software and do not affect local software in Azure customer environments.

According to Lidor Ben Shitrit, cloud security researcher at Orca, and Dror Zalman, director of cloud security research at Orca, the vulnerabilities in two instances involving Azure Functions and Azure Digital Twins did not require authentication, so an attacker could exploit them without an Azure account.

The discovered Azure SSRF vulnerabilities allowed an attacker to scan local ports for new services, endpoints, and files. This provided useful information on potentially vulnerable servers and services to exploit for initial entry, as well as the location of potentially vulnerable information.

Microsoft was notified of the research and has since confirmed that the vulnerabilities have been fixed.

The sources for this piece include an article in TheHackerNews

Featured Tech Jobs



Related articles

Kaspersky uncovers malware targeting iPhones running iOS 15.7 and below

Kaspersky has uncovered a sophisticated malware campaign specifically designed to infect iPhones running up to iOS 15.7 through...

WordPress fixes critical Jetpack plugin vulnerability

WordPress has addressed a critical flaw discovered in the Jetpack plugin, which had the potential to enable authors...

Akamai discovers Dark Frost botnet exploiting gaming platforms

Akamai's security intelligence response team recently has alerted the general public of Dark Frost, a botnet that has...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways