
Microsoft fixes ExtraReplica Azure bugs that exposed user databases


Jasper_The_Rasper
Moderator

April 28, 2022 By Sergiu Gatlan

 


Microsoft has addressed a chain of critical vulnerabilities found in the Azure Database for PostgreSQL Flexible Server that could let malicious users escalate privileges and gain access to other customers' databases after bypassing authentication.

The Flexible Server deployment option for Azure Database for PostgreSQL gives customers the maximum possible control over their databases, including fine-grained tuning and multiple configuration parameters.

 

>> Full Article <<

2 replies

  • New Voice
  • 209 replies
  • May 1, 2022

Well, this is very scary. “By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could leverage an improperly anchored regular expression to bypass authentication to gain access to other customers’ databases.” The data isn't as segregated as it seems.


MajorHavoc
Bronze VIP
  • Bronze VIP
  • 1278 replies
  • May 1, 2022

As I said in another thread, Microsoft does not test its code in the wild and get hackers involved before releasing to live systems. Then, hackers attack flaws and use those flaws for bad actor work. This one is particularly bad given the escalation of privileges issue. 

