Broken authentication, improperly secured configuration files, and poor certificate management: Attackers could have exploited these issues to compromise any RHEL (Red Hat Enterprise Linux) instance on Microsoft Azure.
Ian Duffy, an Irish software engineer with the e-commerce company Zalando, discovered these flaws when creating a machine image of RHEL that was compliant with the Security Technical Implementation Guide defined by the Department of Defense. Microsoft has since fixed these problems, but they offer an object lesson in the hazards of poorly implemented cloud security.
To read this article in full or to leave a comment, please click here