ExtraReplica: Microsoft patches cross-tenant bug in Azure PostgreSQL

Microsoft has patched a security weakness in Azure PostgreSQL which could have been exploited to execute malicious code.

On Thursday, researchers from Wiz Research published an advisory on “ExtraReplica,” described as a “cross-account database vulnerability” in Azure’s infrastructure.

Microsoft Azure is a hybrid cloud service and accounts for hundreds of thousands of enterprise customers.

According to Wiz, a “chain” of vulnerabilities could be used to bypass Azure’s tenant isolation, which prevents software-as-a-service (SaaS) systems customers from accessing resources belonging to other tenants.

ExtraReplica’s core attack vector is based on a flaw that allowed attackers read access to PostgreSQL databases without authorization.

Once a target, public PostgreSQL Flexible Server has been selected, an attacker has to find the target’s Azure region “by resolving the database domain name and matching it to one of Azure’s public IP ranges,” according to Wiz.

An attacker-controlled database then has to be created in the same region. The first vulnerability, found in Azure’s PostgreSQL engine modifications, would be exploited on the attacker-controlled instance, leading to escalated ‘superuser’ privileges and the ability to execute code.

The second bug in the chain, buried in the certificate authentication process, would

Read More: https://www.zdnet.com/article/extrareplica-microsoft-patches-certificate-transparency-bug-in-azure-postgresql/#ftag=RSSbaffb68