Security Vulnerability detected on one of our Azure VM and how to remediate it

Maya 0 Reputation points
2023-07-06T13:23:10.1566667+00:00
These are vulnerability description we have found for one VM , how we can remediate it ??
 1. Cleartext cloud keys pose a serious security risk, as they allow lateral movement within your environment. As a security guidance, there should not be any cleartext cloud keys in your environment. All cloud keys should be properly managed using approved secret management solutions. Wiz leverages the graph to analyze the potential escalation paths from each cloud key by connecting it to the Identity principal that created it.

2. This VM/Serverless stores cleartext cloud keys allowing high privileges at a high level scope in your Azure/GCP tenant.

3.An exposed private key stored in cleartext was detected on the VM/serverless. This private key may be a sensitive key as it belongs to a wildcard domain certificate that is signed by a CA. If that key is compromised, all secure connections to all servers and subdomains listed in the certificate will be compromised. Moreover, that attacker will be able impersonate any domain protected by that wildcard certificate by creating a new sub-domain for the certificate's domain and use it for hosting malicious sites and phishing campaigns.

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,371 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Kara, Salih 190 Reputation points
    2023-07-06T13:58:54.0033333+00:00

    Hi Maya,

    The issues relate to the storage and management of sensitive information, specifically cleartext cloud keys and an exposed private key. These vulnerabilities pose significant security risks, including the potential for unauthorized access and compromise of secure connections.

    Luckily Azure has the services you need to remidiate all your problems. I recommend implementing an approved secret management solution, such as Azure Key Vault, to securely store and manage the cloud keys. Azure Key Vault provides a secure and centralized location for storing secrets, including cloud keys, with robust access controls and encryption.

    Additionally, the exposed private key stored in cleartext requires immediate attention. I suggest removing the exposed private key and replacing it with a new private key. To obtain a new wildcard domain certificate, you can consider using Azure App Service or Azure Kubernetes Service (AKS) for hosting your applications. These services provide built-in certificate management capabilities and integration with Azure Key Vault for securely storing and retrieving certificates.

    To remediate the vulnerabilities, I recommend the following steps:

    1. Implement Azure Key Vault to securely store and manage cloud keys.
    2. Generate new cloud keys and update the configurations of affected applications and services to use the keys stored in Azure Key Vault.
    3. Remove the exposed private key and replace it with a new private key generated through Azure Key Vault or a trusted certificate authority.
    4. Obtain a new wildcard domain certificate through Azure App Service or AKS, utilizing Azure Key Vault for secure certificate storage.
    5. Follow best practices for secure key management, including regular key rotation and restricted access controls.

    Hope this helps!

    ** Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    2 people found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.