Summary

  • In late 2024, researchers from Unit 42 discovered a problem with Azure OpenAI’s Domain Name System (DNS) resolution logic that could have allowed data leaks and Meddler-in-the-Middle (MitM) attacks between solutions.
  • This was due to a misconfiguration in how the Azure OpenAI API and user interface handled domain names.
  • While the user interface required a different custom domain name for each OpenAI instance, the API did not require a distinct custom domain for each one.
  • This meant that numerous tenants could share the same domain, which could resolve to a wrong, untrusted external IP address and pose a risk of data interception and service disruption.
  • Following the discovery, Microsoft took steps to remedy the problem and affected domains now resolve to legitimate Azure resources or are not resolvable.
  • The finding emphasizes the need for continuous monitoring of cloud configurations, validation of DNS resolutions and strict scrutiny of API-driven workflows.
  • Regular audits of managed services are advised to prevent routine configurations from presenting unforeseen risks.
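
The two checks the summary recommends (custom domain names reused across tenants, and DNS answers that fall outside expected address ranges) can be sketched as a small audit. This is an added example, not code from the article or from Microsoft; the inventory, DNS answers, `.example` names and address ranges are constructed placeholders, and a real audit would feed in an exported resource inventory, live resolver results and the provider's published ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data; none of these names or addresses come from the article.
INVENTORY = [  # (tenant, resource, custom domain)
    ("tenant-a", "chat-prod", "shared-name.openai.example"),
    ("tenant-b", "chat-test", "Shared-Name.openai.example."),
    ("tenant-a", "search-prod", "unique-name.openai.example"),
]
ANSWERS = {  # domain -> addresses a resolver returned (constructed)
    "shared-name.openai.example": ["198.51.100.10", "203.0.113.7"],
    "unique-name.openai.example": ["198.51.100.22"],
}
EXPECTED_NETWORKS = ["198.51.100.0/24"]  # placeholder for the provider's published ranges


def normalize(domain):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return domain.strip().lower().rstrip(".")


def audit(inventory, answers, expected_networks):
    """Return (domain, finding, detail) tuples for shared names and unexpected IPs."""
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    tenants_by_domain = defaultdict(set)
    for tenant, _resource, domain in inventory:
        tenants_by_domain[normalize(domain)].add(tenant)

    findings = []
    for domain, tenants in sorted(tenants_by_domain.items()):
        if len(tenants) > 1:
            findings.append((domain, "shared_across_tenants", sorted(tenants)))
        addresses = answers.get(domain, [])
        if not addresses:
            findings.append((domain, "no_answer", []))
        outside = [a for a in addresses
                   if not any(ipaddress.ip_address(a) in n for n in nets)]
        if outside:
            findings.append((domain, "untrusted_ip", outside))
    return findings


if __name__ == "__main__":
    for finding in audit(INVENTORY, ANSWERS, EXPECTED_NETWORKS):
        print(finding)
```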

By David Orlovsky
