Azure CosmosDB Vulnerability – What do I need to do? | ARGOS CSPM

submited by
Style Pass
2021-09-03 14:00:09

Just recently Wiz released an announcement into a very critical vulnerability in one of Microsoft Azure’s flagship services, Azure Cosmos DB.

If you were impacted by this vulnerability then Microsoft says that they will have sent you an email and a notification in the Azure Portal.

However, just because someone did not access your data that does not mean that they might not have taken the keys and are holding on to them.

Through this vulnerability the researchers showed that they were able to access other Microsoft Azure Cosmos DB customers’ access keys. Those keys are long-lived keys that do not change or expire, ever, unless you, the customer, do it.

This means that just because the issue was patched and this (should not) is not possible to exploit anymore, you still need to regenerate those keys.

Regenerating all the keys is simple, super simple in fact. Aaron Powell from Microsoft actually has a small script here that does it for you on all your Cosmos DB databases.

Leave a Comment