Quote:A critical security vulnerability in Microsoft’s Azure cloud database platform – Cosmos DB – could have allowed full remote takeover of accounts, with admin rights to read, write and delete any information to a database instance.
According to researchers at Wiz, any Azure customer could access another customer’s account, without authentication. The bug, dubbed #ChaosDB, could be trivially exploited, and “impacts thousands of organizations, including numerous Fortune 500 companies,” according to researchers.
Microsoft disabled the buggy component after being alerted to it by Wiz and notified more than 30 percent of Cosmos DB customers about the issue, but “we believe the actual number of customers affected by #ChaosDB is higher,” according to a Wiz writeup, published on Thursday.
The firm added that any prior exploitation is unknown, and that “the vulnerability has been exploitable for months and every Cosmos DB customer should assume they’ve been exposed.”
Incidentally, the issue has no CVE because cloud bugs aren’t designated within that system, researchers added.
Read more: Critical Azure Cosmos DB Bug Allows Full Cloud Account Takeover
![[-]](https://www.geeks.fyi/images/collapse.png)
