ChaosDB: Infosec bods could pull anyone's plaintext Azure Cosmos DB keys at will from Microsoft admin tools

An astonishing piece of vulnerability probing gave infosec researchers a way into Microsoft's management controls for Azure Cosmos DB – with full read and write privileges over customer databases. The so-called ChaosDB vuln gave Wiz researchers "access to the control panel of the underlying service" that hosts Azure Cosmos …

  1. EarthDog

    Chaos DB

    The name says it all. Seriously, not a name to give people a sense of security.

    1. Al fazed
      Unhappy

      Re: Chaos DB

      We could say the same for Microsoft, still.

    2. jake Silver badge

      Re: Chaos DB

      A rose, by any other name ...

      For example, arguably the best Linux distro out there is called "Slackware".

    3. phuzz Silver badge
      Facepalm

      Re: Chaos DB

      "Chaos DB" was the name that the researchers gave to the vulnerability that they found. The actual product is called Cosmic DB.

      (RTFA)

  2. Bitsminer Silver badge

    Horizontal Bop

    Bob Seger, 1980.

    https://youtu.be/JbmxmGMuVQo

    The new Microsoft Azure theme song.

  3. Anonymous Coward

    Give me strength

    Easy root access from user space is a bit of an old habit in M$ land, so basic yet so overlooked. What's the point of containers if you leave the doors open and a welcome sign for bad guys?

    1. Al fazed
      FAIL

      Re: Give me strength

      What's the point in running Linux on top of Windows, oh yeah, security !!!!!

      ALF

  4. jake Silver badge

    And yet STILL ...

    ... Corporations worldwide will continue to allow Redmond's crapware into their offices.

    Do you realize that there are close to two entire generations of people who think that software and operating systems are supposed to work like this? This has got to be the largest fraud ever perpetuated upon good old Homo Sap ... or maybe second, to the super-set of individual examples dubbed "religion".

    1. Al fazed
      Megaphone

      Re: And yet STILL ...

      The MoD, the Judiciary, the DWP, HMRC, Police, British Rail, etc are using this cruft too in one form or another and have been doing so since, well since Microsoft re-invented Swiss cheese.

      ALF

      1. sitta_europea Silver badge

        Re: And yet STILL ...

        "The MoD, the Judiciary, the DWP, HMRC, Police, British Rail ..."

        You forgot Parliament.

        That's where the rot started.

  5. ecofeco Silver badge

    I'll say it again

    So how's that cloud thing working for ya?

    ...and NEVER trust MS.
