Microsoft Azure vulnerability lets attackers easily access Cosmos DB databases

On August 26, cloud security vendor Wiz announced (https://www.wiz.io/blog/chaosdb-how-we-hacked-thousands-of-azure-customers-databases) that it had found a vulnerability in Cosmos DB, Microsoft Azure's managed database service. Wiz named it "Chaos DB"; an attacker could exploit it to gain read/write access to every database on the service. Although Wiz discovered the vulnerability only two weeks ago, the company says it has existed in the system for "at least several months, possibly years".

Azure Cosmos DB is a fully managed NoSQL database for modern application development. In 2019, Microsoft added a feature called Jupyter Notebook to Cosmos DB, which can visualize customer data and automatically create custom views (see the figure below). In February 2021, the Jupyter Notebook feature was automatically enabled on all Cosmos DB accounts.

[Image: https://static001.infoq.cn/resource/image/6f/69/6f344da78d8c067c194746428ae6a969.png]

According to the official documentation (https://link.jianshu.com/?t=https%3A%2F%2Fjupyter-notebook.readthedocs.io%2Fen%2Fstable%2Fnotebook.html), Jupyter Notebook is a web-based application for interactive computing that covers the whole computational workflow: development, documentation, running code, and presenting results.

The Wiz team says a misconfiguration in the Jupyter feature leads to a privilege-escalation vulnerability that an attacker could use to access other customers' Cosmos DB primary keys and other highly sensitive secrets, such as notebook blob storage access tokens. After collecting the Cosmos DB secrets, an attacker could use the keys to obtain full administrative access to all data stored in the affected Cosmos DB accounts. The Wiz team has not yet published the specific technical details.

[Image: https://static001.infoq.cn/resource/image/3c/6b/3c947cda5ceb247766c6392ab966866b.png]

Unlike temporary tokens, Cosmos DB primary keys do not expire. If a key has been leaked and is not changed, an attacker could still use it years later to steal, manipulate, or destroy the database.

Microsoft's security team has reportedly disabled the vulnerable notebook feature and notified more than 30% of Cosmos DB customers that they need to manually rotate their access keys to reduce the risk; these are the customers who had the Jupyter Notebook feature enabled during the roughly one-week period in which Wiz was investigating the vulnerability.

In addition to warning more than 3,000 customers about the vulnerability and providing mitigation instructions, Microsoft paid Wiz a bounty of US$40,000.

According to the Wiz team, every user who used the notebook feature or created a Cosmos DB account after January 2021 may be at risk. Since February of this year, every newly created Cosmos DB account has had the notebook feature enabled by default, so even customers who were unaware of the feature and never used it may have had their primary keys exposed.

Wiz CTO Ami Luttwak described it as "the worst cloud vulnerability you can imagine," adding, "This is Azure's central database, and we were able to access any customer database we wanted."