
Researchers have disclosed a severe Oracle Cloud Infrastructure (OCI) vulnerability that would allow unauthorised access to the cloud storage.

Oracle discovered the vulnerability in June and quickly fixed it within 24 hours. According to a blog entry on Tuesday by Wiz, the vulnerability was one of the most severe cloud vulnerabilities reported since it could have impacted all OCI customers.

The vulnerability, called ‘#AttachMe’ by researchers, violated one of the most important promises of cloud storage - that a customer’s data is secure from prying eyes.

"Each virtual disk in Oracle's cloud has a unique identifier called OCID," said Shir Tamari, head of research at Wiz, in a series of tweets. "This identifier is not considered secret, and organisations do not treat it as such."

"Given the OCID of a victim's disk that is not currently attached to an active server or configured as shareable, an attacker could 'attach' to it and obtain read/write over it," Tamari added.

The blog post, written by Elad Gabay, a software engineer at Wiz, says that cloud tenant isolation is a critical element in the cloud. Customers expect that their data isn't accessible to other customers. Yet, cloud isolation vulnerabilities crack the walls between tenants.
