AutoWarp Vulnerability: How hackers unauthorisedly accessing Microsoft Azure Accounts

AutoWarp vulnerability in the Azure Automation service that allows unauthorized access to other Azure customer accounts.
Updated on
April 19, 2023
Published on
April 20, 2022
Subscribe to the latest industry news, threats and resources.

AutoWarp Vulnerability Executive Summary

  • AutoWarp is a critical vulnerability found in Azure Automation service that allows access to the internal server managing the Azure Sandbox.
  • The Web services are running locally on random high ports and the JWT tokens have subscription ID, tenant ID, and automation account resource ID.
  • These random ports provide the JWT of other people’s Azure accounts to attackers which can be further used to access the accounts.

Microsoft Azure Automation Service

Microsoft Azure is a cloud based process automation service that also offers computing, analytics, network, and storage services. Users can leverage Microsoft Azure Automation to execute automation code in a controlled environment. They can also create and schedule jobs, as well as provide input and output. Each user's automation code is segregated from other users' code running on the same virtual machine in a sandbox.

What is AutoWarp Automation Security Vulnerability?

AutoWarp is a critical vulnerability in the Azure Automation service that allows unauthorized access to other Azure customer accounts. Depending on the permissions granted by the customer, this attack could result in complete control over the target account's resources and data. Using exposed JWT (JSON Web Tokens), the vulnerability permits unauthorized access to other people's Azure accounts. This exploitation was executed by making a GET request to discover local endpoints, which in turn exposed the JWT token to the researcher. If enough permission is granted, the JWT token will get mapped directly to the managed identity, granting access to the account. Any user who has been using the Azure Automation service is vulnerable to the AutoWarp vulnerability. Additionally, any user's account that has the Automation account's Managed Identity feature turned on (usually enabled by default) becomes immediately susceptible to the vulnerability. Microsoft mitigated the issue by blocking access to Managed Identities tokens to all sandbox environments except the one that had legitimate access. AutoWarp is the third major flaw disclosed in Azure more recently. Azure also exposed the OHMIGOD remote code execution vulnerability in September 2021, and the NotLegit hole vulnerability in December 2021, which allowed unauthorized file downloads and persisted for four years.

AutoWarp Discovery Timeline

  • 6 December 2021: The AutoWarp vulnerability was identified and disclosed to Microsoft.
  • 7 December 2021: Large companies, including a global telecommunications company, two car manufacturers, a banking conglomerate, big four accounting firms, etc., were identified to be affected by this flaw.
  • 10 December 2021: Microsoft patched the vulnerability and began examining for more iterations of the attack.
  • 7 March 2022: Microsoft’s investigation was completed and the results were made public.
[caption id="attachment_19252" align="alignnone" width="1582"]AutoWarp Vulnerability Discovery Timeline AutoWarp Vulnerability Discovery Timeline[/caption]

Information from the Research

  • The file structure has two directories inside the C: Drive named Orchestrator and temp. The Orchestrator, in turn, contains a filename called sandbox which could have the details on how to run the sandbox. The temp directory contains a file named “trace.log” inside the “diags” directory.
[caption id="attachment_19253" align="alignnone" width="778"]Image of the file structure Image of the file structure[/caption]  
  • The trace.log file contains a very intriguing endpoint indicating the presence of a web service running locally on random ports with port numbers that are very high, around 40,000.
[caption id="attachment_19254" align="alignnone" width="1178"]Image of the log file present inside Orchestrator Directory Image of the log file present inside Orchestrator Directory[/caption]  
  • The Orchestrator directory contains .NET code, which discloses two routes, namely “/oauth2/token” and “/metadata/identity/oauth2/token,” mapped to a controller called MSIController.
[caption id="attachment_19255" align="alignnone" width="1024"]Source Code of Automation Services Source Code of Automation Services[/caption]  
  • This MSIController class contains a method named “GetMSIToken,” which can be used to obtain the access token using the GET parameter mentioned in the function.
  • Once the request is sent successfully, the JWT, which contains information like subscription ID, tenant ID, and automation account resource ID, is provided.
  • The token received can be validated using Azure CLI and if proper permissions are enabled for automation scripts, it gets mapped with the managed identity.
[caption id="attachment_19256" align="alignnone" width="1024"]Source code to get the Access Token using the GET method Source code to get the Access Token using the GET method[/caption]  
  • There is no harm in mapping the token with managed identity. The main flaw comes with the local service running on those high random ports. When an automated operation executes, the ports change, but they remain within a certain range of 40,000.
  • Now that each random port is known to provide a JWT. As these ports provide a new endpoint that belongs to other users’ Azure accounts, it directly indicates that we can access the JWT of other user Azure accounts. And if the provided permissions are enough, then the attacker will obtain complete access to their Azure account.

Impact & Mitigation

Impact How can you Mitigate AutoWarp Vulnerability
  • An attacker has access to sensitive information linked to the Azure account such as subscription ID, tenant ID, etc.
  • An attacker can gain unauthorized access to ay user’s Azure account.
  • An attacker has complete access to the resources and data that can be abused as well.
  • A remote attacker can leverage the information to chain the attack and expand the attack surface.
  • Microsoft introduced a new HTTP header called “X-IDENTITY-HEADER” which is required while requesting for identities and this should be set to a secret value in the environment variables. The value inside it gets compared with the secret value stored in the environment variable and if these values correspond successfully, then the identity gets confirmed otherwise the access is denied.
  • Please refer to Azure Automation Security Guidelines.


  1. Yanir Tsarimi Blog:
  2. MSRC official release: ​​

Get Global Threat Intelligence on Real Time

Protect your business from cyber threats with real-time global threat intelligence data.. 30-day free and No Commitment Trial.
Schedule a Demo
Real time Threat Intelligence Data
More information and context about Underground Chatter
On-Demand Research Services
Dashboard mockup
Global Threat Intelligence Feed

Protect and proceed with Actionable Intelligence

The Global Cyber Threat Intelligence Feed is an innovative platform that gathers information from various sources to help businesses and organizations stay ahead of potential cyber-attacks. This feed provides real-time updates on cyber threats, including malware, phishing scams, and other forms of cybercrime.
Trusted by 400+ Top organisations