Researchers have uncovered a new flaw in Microsoft Azure that could allow hackers to log in as any network user and gain access to a host of sensitive data.
According to security firm Varonis, Azure agent servers can be manipulated to set up a backdoor via which the hacker can gather user credentials and other valuable information.
“This attack method exploits the Azure agent used for Pass-Through Authentication. The on-prem agent collects and verifies credentials received by Azure AD for accounts that are synced with on-prem domains,” said security researcher Eric Saraga in a blog post.
“After compromising a server running an Azure agent, we can tamper with the authentication flow,” he added.
Thankfully, exploiting the agent isn’t a straightforward task: it requires both Azure AD Connect configured for Pass-Through Authentication and admin privileges on an Azure agent server. In his post, Saraga makes clear this is not a vulnerability per se, but rather an exploit.
“An attacker requires privileged access to exploit the Azure agent in this way, so the Microsoft Security Response Centre’s response to our report leads us to believe a patch will not be created,” he said.
“This report does not appear to identify a weakness in a Microsoft product or service that would enable an attacker to compromise the integrity, availability, or confidentiality of a Microsoft offering. For this issue, the attacker needs to compromise the machine first before they can take over the service.”