October 2, 2023

Researchers identified two cloud-related vulnerabilities in Azure Bastion and Azure Container Registry, which allowed an attacker to achieve cross-site scripting by using iframe-postMessages [and] allowed unauthorized access to the victim’s session within the compromised Azure service iframe.

Cross-site scripting (XSS) is an attack in which a threat actor injects malicious scripts into a trusted website, and users’ browsers then execute those scripts without the users’ knowledge. This can lead to severe consequences, noted Orca Security, as threat actors can gain unauthorized access, compromise network systems, or even steal data.

Attack Flow

  1. Reconnaissance
  2. Endpoint Misconfiguration
  3. Exploiting the Misconfigured Endpoint
  4. Analyzing Legitimate postMessages
  5. Debugging and Identifying Vulnerable Code
  6. Crafting the Exploitative Payload
  7. Delivery and Execution
  8. Exploitation Consequences

By understanding these steps, organizations can strengthen their security measures and protect against other postMessage iframe vulnerabilities in Azure services.
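On the defensive side, the control that matters for this class of bug is how an iframe's `message` handler decides which senders and payloads to trust. The sketch below is an added example, not code from Azure, Microsoft or Orca Security; the origin `https://portal.example.com`, the message schema and all function names are assumptions, and the events are constructed objects standing in for browser `MessageEvent`s so it runs under Node.

```javascript
// Added example; the origin, message schema and all names below are assumptions.
const ALLOWED_ORIGINS = new Set(["https://portal.example.com"]);

// Weak pattern: trusts any sender and writes the payload into an HTML sink.
function weakHandler(event, sink) {
  sink.html = String(event.data); // stands in for element.innerHTML = event.data
  return true;
}

// Faulty check often found in code review: substring match on the origin.
function looseOriginCheck(origin) {
  return origin.includes("portal.example.com");
}

// Hardened pattern: exact origin, expected sender window, strict schema, text sink.
function hardenedHandler(event, sink, expectedSource) {
  if (!ALLOWED_ORIGINS.has(event.origin)) return false; // exact match only
  if (event.source !== expectedSource) return false;    // must be the known window
  const msg = event.data;
  if (typeof msg !== "object" || msg === null) return false;
  if (msg.type !== "status" || typeof msg.text !== "string") return false;
  if (msg.text.length > 200) return false;
  sink.text = msg.text; // stands in for element.textContent = msg.text
  return true;
}

// Constructed events standing in for browser MessageEvent objects.
function runSamples() {
  const parentWin = { name: "trusted-parent" };
  const otherWin = { name: "unknown-window" };
  const ok = { type: "status", text: "Connected" };
  const samples = [
    { origin: "https://portal.example.com", source: parentWin, data: ok },
    { origin: "https://portal.example.com.untrusted.test", source: otherWin, data: ok },
    { origin: "https://portal.example.com", source: otherWin, data: ok },
    { origin: "https://portal.example.com", source: parentWin, data: "<b>markup</b>" },
  ];
  return samples.map((ev) => ({
    weak: weakHandler(ev, {}),
    loose: looseOriginCheck(ev.origin),
    hardened: hardenedHandler(ev, {}, parentWin),
  }));
}

// In a page: window.addEventListener("message", (e) => hardenedHandler(e, sink, window.parent));
console.log(runSamples());
```

Only the first sample passes the hardened handler; the weak handler accepts all four, and the substring check accepts the look-alike origin in the second.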

Researchers notified the Microsoft Security Response Center (MSRC) immediately upon discovery of the bugs. Once notified, MSRC was able to reproduce the issues in order to patch and verify them.

These vulnerabilities require a victim to be lured into visiting a compromised endpoint that the malicious actor controls.
