Microsoft has discovered a new vulnerability in the Azure Automation service, dubbed ‘AutoWarp’, that could have allowed malicious actors to take full control of other Azure customers' credentials.
The Microsoft Azure Automation service provides process automation, configuration management, and update management features, with each scheduled job running inside an isolated sandbox for each Azure customer.
According to Orca Security's Cloud Security Researcher Yanir Tsarimi, the vulnerability could allow cyber actors to steal other Azure customers' Managed Identities authentication tokens from an internal server that organizes the sandboxes of other users.
"Someone with malicious intentions could've continuously grabbed tokens, and with each token, widen the attack to more Azure customers. This attack could mean full control over resources and data belonging to the targeted account, depending on the permissions assigned by the customer. We discovered large companies at risk (including a global telecommunications company, two car manufacturers, a banking conglomerate, big four accounting firms, and more)," Yanir Tsarimi said.
Microsoft's team said that the security flaw has been fixed by blocking access to auth tokens for all sandboxes except the one that has legitimate access permission.
Following the incident, the company informed all of its affected Azure users and recommended security best practices for further protection of the system.