Microsoft Azure has a design flaw: Shared Key authorization is enabled by default when a storage account is created, which could allow an attacker to gain full access to an environment.
Microsoft has acknowledged the issue, and an investigation by its Security Response Center is ongoing.
The issue is related to Azure storage accounts and function apps, and could enable an attacker to manipulate storage account data, move laterally within the cloud environment, steal credentials, and escalate privileges.
Customers are encouraged to disable Shared Key access and use Azure Active Directory authentication instead. Role-based access and identity-based authorization are also recommended.
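
The following is an added example, not code from the original article or from Microsoft: an audit that flags every storage account where Shared Key authorization is still allowed, including accounts where the setting was never set and the default applies. It assumes inventory JSON in the shape of `az storage account list -o json` (or the nested ARM `properties` shape); all account and resource-group names are constructed.

```python
import json

# Constructed sample inventory; names and resource groups are made up.
SAMPLE_ACCOUNTS = json.loads("""
[
  {"name": "stfuncappprod01", "resourceGroup": "rg-functions", "allowSharedKeyAccess": null},
  {"name": "stlogsarchive", "resourceGroup": "rg-logging", "allowSharedKeyAccess": true},
  {"name": "stfinancedata", "resourceGroup": "rg-finance", "allowSharedKeyAccess": false},
  {"name": "stlegacyarm", "resourceGroup": "rg-legacy",
   "properties": {"allowSharedKeyAccess": false}},
  {"name": "stnewdefault", "resourceGroup": "rg-dev", "properties": {}}
]
""")


def shared_key_setting(account):
    """Read allowSharedKeyAccess from the flattened CLI shape or the nested
    ARM `properties` shape. None means the property was never set."""
    if "allowSharedKeyAccess" in account:
        return account["allowSharedKeyAccess"]
    return (account.get("properties") or {}).get("allowSharedKeyAccess")


def audit_shared_key(accounts):
    """Return one finding per account that still accepts Shared Key auth.
    Only an explicit False is treated as safe: an unset value falls back to
    the platform default, which is 'enabled'."""
    findings = []
    for acct in accounts:
        value = shared_key_setting(acct)
        if value is False:
            continue
        reason = ("explicitly enabled" if value is True
                  else "unset, defaults to enabled")
        findings.append({
            "name": acct["name"],
            "reason": reason,
            # Remediation command for the operator to review and run.
            "fix": ("az storage account update --name {} --resource-group {} "
                    "--allow-shared-key-access false"
                    ).format(acct["name"], acct["resourceGroup"]),
        })
    return findings


if __name__ == "__main__":
    for f in audit_shared_key(SAMPLE_ACCOUNTS):
        print("{name}: {reason}\n  {fix}".format(**f))
```

Before applying a suggested fix, confirm that nothing still authenticates to the account with account keys or key-signed SAS tokens, because those requests are rejected once Shared Key access is disabled.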