by chatmasta
1186 days ago
If anything, it reminds me of Cloudbleed. In terms of easy AuthZ bypasses from Microsoft, the Azure OMIGOD vulnerability [0] comes to mind, aka "CVE-2021-38647 - Remote Code Execution - Remove the Authentication header and you are root." To be fair to Microsoft, Apple also had one of these (although it only affected your local machine) with CVE-2017-13872 which let you become root by entering the username "root," clicking into the empty password field, and pressing Submit. [1] I'll repeat my comment from upthread: authorization is hard!

[0] https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-o...

[1] https://objective-see.org/blog/blog_0x24.html