A recently released report by security researcher Adam Chester details a new method for attacking Azure cloud deployments. So far there is no known fix for this vulnerability, so it is recommended to remain alert.

If an attacker compromises an organization's Azure agent server (a component required to synchronize Azure AD with on-premises AD), they can create a kind of backdoor that lets them sign in as any authorized user. A proof-of-concept was created that manipulates the Azure authentication function in order to:
- Obtain a "skeleton key" (also known as a "master key") that works for any user
- Dump all unencrypted usernames and passwords into a single file
Azure AD Connect links an Azure AD environment to an on-premises domain and supports several authentication methods:
- Password hash synchronization: a method that synchronizes on-premises password hashes to the cloud
- Pass-Through Authentication: a method that installs an on-premises "Azure agent" which authenticates users synchronized to the cloud
- Federation: a method that relies on an AD FS infrastructure
This attack variant exploits Pass-Through Authentication: the on-premises agent receives the credentials forwarded by Azure AD and verifies them for accounts that are synchronized with on-premises domains.