American Technology Microsoft has released a press statement yesterday stating that it has fixed a flaw on the login system of its Azure cloud which could have put thousands of users at risk of being hacked.
After receiving a threat report from the researchers of Israeli based Cybersecurity firm CyberARK, Microsoft immediately analyzed and issued a fixe to the vulnerability associated with Microsoft Azure accounts and Microsoft’s OAuth 2.0 applications.
Security researchers claim that the vulnerability was so powerful that it could have spelled doomsday for the company due to the bug having capabilities to steal account tokens. In simple words account tokens allow online service users to use the same web service on a repeated note without the need to re-enter the passwords.
Researchers say that the vulnerability allowed the tokens to be accessed by hackers to steal information and that too without the consent of the user to exploit them- leading to a zero-click attack where the threat actors do not require user permission.
As the attack surface was very wide, the impact could have been serious if any hacker/hacking group could have sniffed the vulnerability. Like seeking sensitive information, compromising data from production servers, data loss or even encrypting the files with ransomware.
Note 1 – Now the login vulnerability has been fixed which would have otherwise put hundreds and thousands of users to risk.
Note 2– Technology companies like Google and Microsoft have been striving hard to keep their user data and services safe and secure from hackers. And Microsoft stands tall in patching its service vulnerabilities in the last decade or so.