ChaosDB: How We Hacked Databases of Thousands of Azure Customers (rev)

In August 2021, the Wiz Research Team uncovered ChaosDB - a critical cross-tenant vulnerability in Azure Cosmos DB, Azure’s flagship managed database solution which is used by countless organizations. This vulnerability is every company’s worst nightmare: even a flawless environment is affected. Easily exploitable, this bug allowed any Azure user to have full admin access to thousands of customers’ databases, including Fortune 500 companies, without any procedural is an unprecedented cloud vulnerability... By: Nir Ohfeld & Sagi Tzadik Full Abstract & Presentation Materials: #chaosdb-how-we-hacked-databases-of-thousands-of-azure-customers-25200