Unlocked Concept

Episode 225: Unpacking the Azure CHAOS DB Flaw with Nir Ohfeld of Wiz

In this episode of the podcast (#225) we’re joined by Nir Ohfeld, a Senior Security Researcher at the firm Wiz. Nir helped discover the recent CHAOS DB flaw in COSMOS DB, the flagship database for Microsoft’s Azure cloud platform. Nir and I discuss the implications of the flaw, what steps organizations should take to limit their exposure and the larger issue of cloud insecurity.

As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and Spotify. Or, check us out on Google PodcastsStitcherRadio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted. 

[MP3]


A flight to the cloud is one of the most salient technology trends of the last decade. With each passing month, more and more organizations are swapping out on premises applications and platforms for their cloud based alternatives: GSuite or Office 365 for Office, Azure AD for Active Directory, Workday and Salesforce for SAP and Oracle…and on and on. 

But there are security trade offs that go along with cloud migration. And the past week made that abundantly clear, after Microsoft and security researchers from the firm Wiz revealed a critical flaw in COSMOS DB,  Microsoft’s Azure flagship database, which Wiz named “CHAOS DB.” 

Episode 152: What the Silex Malware says about IoT Insecurity and Cloud Security CEO Steve Mullaney on Amazon ReInforce

Nir Ohfeld is a Senior Security Researcher at Wiz.
Nir Ohfeld is a Senior Security Researcher at Wiz.

CHAOS DB: The Crown Jewel of Hacks

According to a report by researchers from Wiz, a flaw in the Jupyter Notebook, a common component of COSMOS DB,  opened thousands of Microsoft Azure customers to a “trivial” remote compromise that could have provided remote attackers with full administrative access (read, write, delete) to other customers Cosmos DB instances without authorization. The vulnerability  impacts thousands of organizations, including numerous Fortune 500 companies, Wiz reported. That prompted a warning by Microsoft, who also disabled the Jupyter Notebook feature on COSMOS DB just days after receiving the Wiz report.

(You can view a video explanation of the flaw here.)

Unsecured Database Exposes Data of 80M U.S. Households

Cloud Risks on the Rise

In this episode of the podcast, we’re joined by one of the researchers who discovered the CHAOS DB flaw. Nir Ohfeld is a Senior Security Researcher at Wiz. In this conversation, he and I discuss the flaw Wiz discovered in COSMOS DB and why it is so dangerous for organizations that use Azure. 

Episode 150: Microsoft’s Tanya Janca on securing Azure and Armor Scientific’s CTO on Life after Passwords

We also talk about the larger issue of cloud security,  how organizations migrating to cloud platforms might be unwittingly exposing themselves to remote attacks via vulnerable cloud applications – and the difficulty of doing security assessments and incident response on cloud-based platforms. 

I started by asking Nir to tell us a bit about Wiz and the work that company does to secure cloud environments. You can listen to our conversation above, or use the button below to download the MP3 recording.