​Security researchers at Tenable discovered what they describe as a high-severity vulnerability in Azure Service Tag that could allow attackers to access customers’ private data.

    • a lil bee 🐝@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      6 months ago

      That’s not really what they said though. They said that this is not intended as a security mechanism, which is debatable from their original docs. They are maintaining that this was always intended to be used for routing and not as a source for block/allow lists. Frankly, regardless of your opinion on whether Microsoft is misrepresenting their original docs, nobody should be using Service Tags as security. Microsoft is completely correct there.