Researchers find attackers can abuse the design of Microsoft Azure Guest Agent to recover plaintext administrator passwords.
The design of the Microsoft's Windows Azure Guest Agent could let hackers steal plaintext administrator passwords from target machines, researchers at Guardicore reported this week. If abused, the flaw could enable a cross-platform attack affecting every machine type Azure provides.
Analysts discovered the attack vector while researching the Azure Guest Agent, which provides plugins for Azure's infrastructure-as-a-service (IaaS) offerings. The agent receives tasks from the Azure infrastructure and executes them; tasks are saved on the machine's disk. VM Access is a plugin for recovering VM access when users are accidentally locked out, or credentials are lost.
This research uncovered several security issues, all of which have been shared with Microsoft. Guardicore claims attackers have been able to access plaintext credentials after taking over an Azure virtual machine - if the VM Access plugin had been used on the machine - since 2015.
....
....
....
....
