Author: cc1161666@gmail.com

Microsoft recently confronted challenges in its cloud computing domain, notably encountering security issues tied to authentication. Tenable, a prominent cybersecurity firm, exposed these vulnerabilities and criticized Microsoft for lacking transparency in its cloud security approach. The concern stemmed from inadequate access control within Azure Function hosts, specifically related to custom connectors in Microsoft’s Power Platform (Power Apps, Power Automation). This flaw allowed unauthorized access to Azure Functions by exploiting guessed hostnames associated with custom connectors, effectively sidestepping authentication. This vulnerability enabled attackers to interact with these functions devoid of proper authentication. They could also deduce Azure Function hostnames for other…

Read More