Security researchers at Tenable discovered what they describe as a high-severity vulnerability in Azure Service Tag that could allow attackers to access customers’ private data.
Security researchers at Tenable discovered what they describe as a high-severity vulnerability in Azure Service Tag that could allow attackers to access customers’ private data.
That’s not really what they said though. They said that this is not intended as a security mechanism, which is debatable from their original docs. They are maintaining that this was always intended to be used for routing and not as a source for block/allow lists. Frankly, regardless of your opinion on whether Microsoft is misrepresenting their original docs, nobody should be using Service Tags as security. Microsoft is completely correct there.