Security researchers at Orca Security have shared the details of a now-fixed vulnerability in Microsoft's Azure Automation service. The vulnerability, named AutoWarp, was a critical flaw that allowed malicious actors to gain access to other Azure Automation customers' accounts.
Many customers were at risk
According to the whitepaper published by Orca, an attack using the vulnerability would give full control over the resources and data belonging to the target account. How far that control extends depends on the permissions the customer assigned to the account's Managed Identity. The flaw put unnamed companies from different industries at risk, including telecommunications, car manufacturing, banking, accounting, and more.
The AutoWarp bug only affected customers who left the Managed Identity feature enabled, which it is by default. Using the bug, an attacker could steal other customers' Managed Identity access tokens continuously, as shown in the animated demonstration published by Orca. The bug is now fully fixed. The timeline of the bug is as follows:
- December 6, 2021: Discovery of the vulnerability
- December 6, 2021: Report to Microsoft
- December 7, 2021: Identification of the companies at risk
- December 10, 2021: Microsoft fixes the issue and checks for additional variants
- March 7, 2022: Orca publishes the whitepaper
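Because exposure depended on Managed Identity being enabled, the first triage step for a defender is to inventory which Automation accounts have an identity attached and then review what permissions those identities hold. The script below is an added example, not code from Orca or Microsoft. It parses JSON in the shape produced by `az automation account list -o json` (the `automation` CLI extension) and assumes that output includes the ARM `identity` block on each account; the account names, resource groups and IDs in the embedded sample are constructed.

```python
"""Inventory Azure Automation accounts that have a Managed Identity attached.

Added example (not Orca's or Microsoft's code). Assumes the JSON is in the
shape of `az automation account list -o json` and carries the ARM `identity`
block per account. Accounts with an identity were the ones in scope for
AutoWarp before Microsoft's server-side fix.
"""
import json
import sys
from typing import Iterable

# Constructed sample output; names, resource groups and IDs are made up.
SAMPLE_ACCOUNTS_JSON = """
[
  {"name": "ops-automation", "resourceGroup": "rg-ops",
   "identity": {"type": "SystemAssigned",
                "principalId": "11111111-1111-1111-1111-111111111111"}},
  {"name": "legacy-runbooks", "resourceGroup": "rg-legacy",
   "identity": null},
  {"name": "billing-jobs", "resourceGroup": "rg-fin",
   "identity": {"type": "SystemAssigned, UserAssigned",
                "principalId": "22222222-2222-2222-2222-222222222222",
                "userAssignedIdentities": {
                  "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-fin/providers/Microsoft.ManagedIdentity/userAssignedIdentities/billing-mi": {}}}},
  {"name": "scratch", "resourceGroup": "rg-dev",
   "identity": {"type": "None"}}
]
"""


def identity_types(account: dict) -> set[str]:
    """Return the identity kinds enabled on an account, e.g. {"SystemAssigned"}.

    ARM encodes both kinds as the comma-separated string
    "SystemAssigned, UserAssigned"; a null identity block or type "None"
    means no Managed Identity is attached.
    """
    identity = account.get("identity") or {}
    raw = identity.get("type") or "None"
    return {t.strip() for t in raw.split(",") if t.strip() and t.strip() != "None"}


def has_managed_identity(account: dict) -> bool:
    """True if the account's runbooks could obtain a Managed Identity token."""
    return bool(identity_types(account))


def find_exposed(accounts: Iterable[dict]) -> list[dict]:
    """Accounts with a Managed Identity, with the fields needed to review
    the identity's role assignments afterwards."""
    exposed = []
    for acct in accounts:
        kinds = identity_types(acct)
        if kinds:
            exposed.append({
                "name": acct["name"],
                "resourceGroup": acct.get("resourceGroup"),
                "identity": sorted(kinds),
                "principalId": (acct.get("identity") or {}).get("principalId"),
            })
    return exposed


def report(accounts_json: str) -> list[dict]:
    """Parse CLI-style JSON and return the exposed accounts."""
    return find_exposed(json.loads(accounts_json))


if __name__ == "__main__":
    # Read live CLI output from stdin when piped; otherwise use the sample.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_ACCOUNTS_JSON
    for row in report(data):
        print(f"{row['resourceGroup']}/{row['name']}: {', '.join(row['identity'])} "
              f"(principalId={row['principalId']})")
```

Run it against a live subscription with `az automation account list -o json | python inventory.py`. The fix itself was applied by Microsoft on the service side, so the value of the list is in the follow-up: for each principalId reported, review its role assignments and check the Activity Log for actions performed by that identity during the exposure window.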