
Security firm Orca discovers “AutoWarp”, a cross-tenant vulnerability in Azure Automation Service


A flaw in Microsoft’s Azure Automation platform, reported in December 2021, was recently disclosed, highlighting a possible cross-tenant vulnerability in the service.

According to a report from Venture Beat, Microsoft was lucky to have the exploit flagged by a friendly researcher from Orca Security, who managed to find and report the Azure Automation vulnerability before malicious hackers could take advantage of the security failure.

Had Orca not been on the case, the vulnerability could have allowed someone to jump from one Azure tenant to another and access customer data and information.

Orca researcher Yanir Tsarimi reported the tenant vulnerability, dubbed AutoWarp, to Microsoft on December 6, 2021, and the company claims to have patched the exploit four days later, on December 10, 2021.

In the time leading up to its discovery, or in the four days that followed, “You could have gotten a lot of access to a lot of customers very easily,” said Yoav Alon, CTO of cloud security firm Orca Security.

More specifically, the AutoWarp vulnerability would have allowed hackers to take advantage of permissions that companies put in place to help automate processes, and to gain access to full account resources based on the current configuration.

Although the explanation may seem tertiary, the mechanics are frighteningly simple, with the exploit posing one of the most severe consequences in the cloud, according to Alon.

“So actually being able to take over or access someone else’s account is a pretty big violation. It is considered one of the biggest security holes you can have in the cloud. This is one of the main promises of cloud providers — they promise you that no other tenant will be able to access your data or resources.”

Alon’s statement is based on Yanir Tsarimi’s write-up on the company’s blog, which includes full technical details such as logs, sandboxes, timelines, etc.

Microsoft was not the only cloud service provider Orca contacted regarding cross-tenant vulnerabilities. In January, Tsarimi published another report on a similar exploit, called Superglue, in Amazon Web Services (AWS).

“We discovered a critical security issue in the AWS Glue service that could allow an actor to create resources and access data from other AWS Glue customers. The exploit was a complex multi-step process and was ultimately possible due to an internal misconfiguration within AWS Glue. The Glue service has access to large amounts of data, which makes it a very attractive target.”

Similarly, no customer accounts were “inappropriately accessed”, but Alon warns that simple flaws such as these will continue to have far greater impacts as more people put information in the cloud.
