Microsoft patches critical Azure API Vulnerabilities
Azure API Management is a Microsoft cloud-based service that enables organisations to publish, protect, and manage APIs (Application Programming Interfaces). While this service provides a safe and convenient approach to handle APIs, it is not without flaws. In this post, we will look at a flaw Ermetic research team that permitted unauthorised access to Azure API Management and its possible consequences.
Microsoft reported a vulnerability in Azure API Management in September 2021, allowing attackers to obtain unauthorised access to the service. A misconfiguration in the API Management service enabled attackers to circumvent the authentication method and get access to the APIs and the data they handle.
The vulnerability was created by a misconfiguration of the OpenID Connect (OIDC) authentication technique used by the Azure API Management service, according to Microsoft. Because of the misconfiguration, attackers were able to get an access token for the service without being properly authenticated. This access token might then be used to obtain unauthorised access to the APIs and the information they handle.
Because Azure API Management is frequently used to manage essential APIs that handle sensitive data, the effect of this vulnerability might be severe. Unauthorised access to these APIs might allow an attacker to steal or change sensitive data, undermine the security of other systems that rely on these APIs, or launch other attacks against the affected organisation.
Furthermore, attackers might use the vulnerability to conduct attacks against other organisations that utilise the same Azure API Management service. This might result in a major security breach impacting several organisations.
Microsoft has issued a security update that resolves the vulnerability, and organisations that use Azure API Management should deploy it as soon as possible. Organisations should also verify their API Management settings to ensure that the OIDC authentication mechanism is correctly established.
The weakness in Azure API Management that allows unauthorised access serves as a warning that even prominent technology firms’ cloud-based services are not immune to vulnerabilities. Organisations that use these services must ensure that sufficient security measures, including regular security assessments, are in place to safeguard their data and systems from possible assaults.
See more: Samsung Bans ChatGPT & AI After Massive Data Leak
See more: Romanian Telecom Users Targeted by Phishing Campaign
Author: Ashish Kumar Sar
We hope you found article interesting. For more exclusive content follow us on Facebook, Twitter and LinkedIn